poky: subtree update:796be0593a..9294bc4bb4

This includes our temporary libpam revert until OpenBMC can get in support for the new libraries. See openbmc/openbmc#3750 for more information. Abdellatif El Khlifi (4): kernel-fitimage: adding support for Initramfs bundle and u-boot script kernel: skip installing fitImage when using Initramfs bundles oeqa/selftest/imagefeatures: adding fitImage initramfs bundle testcase ref-manual/ref-classes: update kernel-fitimage with Initramfs bundle and boot script Adrian Herrera (2): scripts: oe-run-native, fix *-native directories common-licenses: add BSD-3-Clause-Clear license Alan Perry (2): binutils: add libopcodes package for perf iproute2: Add subpackage for rdma command Alejandro Hernandez Samaniego (2): newlib: Upgrade 3.3.0 -> 4.1.0 newlib: Update licence Alex Stewart (1): opkg: upgrade to version 0.4.4 Alexander Kanavin (89): selftest/reproducible: enable world reproducibility test selftest/reproducible: add an exclusion list for items that are not yet reproducible kea: upgrade 1.7.10 -> 1.8.1 valgrind: exclude bar_bad/bar_bad_xml from ptests bzip2: run ptests without valgrind lttng-tools: disable more failing ptests glib-2.0: add a patch to increase a test timeout acpica: upgrade 20201113 -> 20201217 bind: upgrade 9.16.9 -> 9.16.10 diffoscope: upgrade 161 -> 163 dnf: upgrade 4.4.0 -> 4.5.2 enchant2: upgrade 2.2.13 -> 2.2.14 epiphany: upgrade 3.38.1 -> 3.38.2 ethtool: upgrade 5.9 -> 5.10 gtk+3: upgrade 3.24.23 -> 3.24.24 init-system-helpers: upgrade 1.58 -> 1.60 kbd: upgrade 2.3.0 -> 2.4.0 kea: upgrade 1.8.1 -> 1.8.2 libmodulemd: upgrade 2.9.4 -> 2.11.1 libpcre2: upgrade 10.35 -> 10.36 libtirpc: upgrade 1.2.6 -> 1.3.1 libusb1: upgrade 1.0.23 -> 1.0.24 libva: upgrade 2.9.0 -> 2.10.0 libx11: upgrade 1.6.12 -> 1.7.0 lighttpd: upgrade 1.4.56 -> 1.4.57 ninja: upgrade 1.10.1 -> 1.10.2 puzzles: upgrade to latest revision python3-hypothesis: upgrade 5.41.5 -> 5.43.3 python3-py: upgrade 1.9.0 -> 1.10.0 python3-setuptools-scm: upgrade 4.1.2 -> 5.0.1 sqlite3: upgrade 3.33.0 -> 3.34.0 stress-ng: upgrade 0.11.24 -> 0.12.00 sudo: upgrade 1.9.3p1 -> 1.9.4p1 sysvinit: upgrade 2.97 -> 2.98 vala: upgrade 0.50.1 -> 0.50.2 vulkan-headers: upgrade 1.2.154.0 -> 1.2.162.0 webkitgtk: upgrade 2.30.2 -> 2.30.4 xprop: upgrade 1.2.4 -> 1.2.5 xserver-xorg: upgrade 1.20.9 -> 1.20.10 glib-2.0: update 2.66.2 -> 2.66.4 rpm: update 4.16.0 -> 4.16.1.2 piglit: update to latest revision sbc: update 1.4 -> 1.5 libdnf: update 0.55.0 -> 0.55.2 libva-utils: update 2.9.1 -> 2.10.0 python3-importlib-metadata: update 3.1.1 -> 3.3.0 python3: update 3.9.0 -> 3.9.1 vulkan-loader: upgrade 1.2.154.1 -> 1.2.162.0 vulkan-tools: upgrade 1.2.154.0 -> 1.2.162.0 systemd-bootchart: update 233 -> 234 zstd: add recipe from meta-oe zstd: update 1.4.5 -> 1.4.8 devtool: gitsm:// should be handled same as git:// in upgrades ovmf: upgrade 202008 -> 202011 libksba: update 1.4.0 -> 1.5.0 libjitterentropy: update 2.2.0 -> 3.0.0 icu: update 68.1 -> 68.2 gnutls: update 3.6.15 -> 3.7.0 gnupg: update 2.2.23 -> 2.2.26 boost: update 1.74.0 -> 1.75.0 kexec-tools: update 2.0.20 -> 2.0.21 vulkan-samples: update to latest revision libpam: update 1.3.1 -> 1.5.1 strace: update 5.9 -> 5.10 python3-pytest: update 6.1.2 -> 6.2.1 mtools: update 4.0.25 -> 4.0.26 gnu-config: update to latest revision cmake: update 3.18.4 -> 3.19.2 ccache: upgrade 3.7.11 -> 4.1 ccache.bbclass: use ccache from host distribution gawk: add missing ptest dependency util-linux: upgrade 2.36 -> 2.36.1 ell: upgrade 0.33 -> 0.35 net-tools: correct version check oeqa/ptest: print a warning if ptests failed bash: update 5.0 -> 5.1 runtime_test.py: correct output check for bash 5.1 distcc: update 3.3.3 -> 3.3.5 gptfdisk: update 1.0.5 -> 1.0.6 python3-setuptools: update 51.0.0 -> 52.0.0 ruby: update 2.7.2 -> 3.0.0 vulkan-samples: update to latest revision dpkg: update 1.20.5 -> 1.20.7.1 libhandy: upgrade 1.0.2 -> 1.0.3 tar: update 1.32 -> 1.33 at: correct upstream version check shaderc: correct version check spirv-tools: correct version check u-boot: upgrade 2020.10 -> 2021.01 Alistair Francis (1): opensbi: Bump from 0.8 to 0.9 Anatol Belski (1): iproute2: Make it easier to manipulate SUBDIRS list from bbappend Andreas Müller (1): openssl: re-enable whirlpool Andrey Mozzhuhin (1): toolchain-shar-extract.sh: Handle special characters in script path Anton Kachalov (1): rootfs: add option to allow delayed postinsts on read-only rootfs Anuj Mittal (45): mesa: add more details to elf-tls patch mesa: remove patch disabling asm linux-yocto: update genericx86 to v5.4.87 enchant2: upgrade 2.2.14 -> 2.2.15 gstreamer1.0: upgrade 1.18.2 -> 1.18.3 gstreamer1.0-plugins-base: upgrade 1.18.2 -> 1.18.3 gstreamer1.0-plugins-good: upgrade 1.18.2 -> 1.18.3 gstreamer1.0-plugins-bad: upgrade 1.18.2 -> 1.18.3 gstreamer1.0-libav: upgrade 1.18.2 -> 1.18.3 gstreamer1.0-omx: upgrade 1.18.2 -> 1.18.3 gstreamer1.0-rtsp-server: upgrade 1.18.2 -> 1.18.3 gstreamer1.0-python: upgrade 1.18.2 -> 1.18.3 gstreamer1.0-vaapi: upgrade 1.18.2 -> 1.18.3 gst-examples: upgrade 1.18.2 -> 1.18.3 gst-devtools: upgrade 1.18.2 -> 1.18.3 gstreamer1.0-plugins-ugly: upgrade 1.18.2 -> 1.18.3 libepoxy: upgrade 1.5.4 -> 1.5.5 libproxy: upgrade 0.4.15 -> 0.4.17 stress-ng: upgrade 0.12.00 -> 0.12.01 vulkan-tools: upgrade 1.2.162.0 -> 1.2.162.1 harfbuzz: upgrade 2.7.2 -> 2.7.4 mpg123: upgrade 1.26.3 -> 1.26.4 piglit: upgrade to latest revision vala: upgrade 0.50.2 -> 0.50.3 gcr: upgrade 3.38.0 -> 3.38.1 python3-pygments: upgrade 2.7.3 -> 2.7.4 logrotate: upgrade 3.17.0 -> 3.18.0 lzip: upgrade 1.21 -> 1.22 python3-mako: upgrade 1.1.3 -> 1.1.4 wget: upgrade 1.20.3 -> 1.21.1 lighttpd: upgrade 1.4.57 -> 1.4.58 python3-importlib-metadata: upgrade 3.3.0 -> 3.4.0 python3-git: upgrade 3.1.11 -> 3.1.12 acpica: upgrade 20201217 -> 20210105 diffstat: upgrade 1.63 -> 1.64 python3-dbusmock: upgrade 0.19 -> 0.22.0 python3-hypothesis: upgrade 5.43.3 -> 6.0.2 python3-numpy: upgrade 1.19.4 -> 1.19.5 resolvconf: upgrade 1.83 -> 1.87 sudo: upgrade 1.9.4p1 -> 1.9.5p1 git: upgrade 2.29.2 -> 2.30.0 meson: upgrade 0.56.0 -> 0.56.2 rt-tests/hwlatdetect: upgrade 1.9 -> 1.10 gstreamer1.0: fix failing ptest python3: fix CVE-2021-3177 Awais Belal (1): kernel.bbclass: fix deployment for initramfs images Bruce Ashfield (38): linux-yocto-rt/5.4: update to -rt44 linux-yocto/5.4: update to v5.4.80 lttng-modules: fix build against v5.10+ kern-tools: non-gcc config support and option re-classification linux-yocto/cfg: qemuppc: set CONFIG_SCSI to '=y' linux-yocto/5.4: update to v5.4.82 linux-yocto/cfg: qemuarm64-gfx.cfg: add CONFIG_INPUT_UINPUT linux-yocto/5.4: update to v5.4.83 linux-yocto/5.8/cfg: fix -tiny warnings linux-yocto/5.4/cfg: fix -tiny warnings systemtap: fix on target build for 4.4 and 5.10+ linux-yocto/5.4/cfg: fix FIRMWARE_LOADER warnings kernel-devsrc: fix 32bit ARM devsrc builds linux-yocto/5.4: update to v5.4.85 linux-yocto-dev: bump to v5.11-rc libc-headers: update to v5.10 machine/qemuarm*: add vmalloc kernel parameter linux-yocto: introduce v5.10 reference kernel recipes linux-yocto/5.10: update to v5.10.2 conf/machine: bump qemu preferred versions to 5.10 poky/poky-tiny: set preferred kernel to 5.10 yocto-bsp: explicitly set preferred version for reference boards poky-alt: don't use conditional assignment for preferred kernel version linux-yocto/5.10: update to v5.10.4 linux-yocto/5.10: update to v5.10.5 linux-yocto/5.4: update to v5.4.87 linux-yocto/5.10/cfg: x86 and beaglebone config fixes linux-yocto: remove 5.8 recipes yocto-bsp: drop 5.8 bbappend linux-yocto/5.10: update to v5.10.8 linux-yocto/5.4: update to v5.4.90 linux-yocto-rt/5.10: fix 5.10-rt build breakage linux-yocto-rt/5.4: fix 5.4-stable caused build breakage linux-yocto/5.10: update to v5.10.10 linux-yocto/5.10: update to v5.10.12 linux-yocto/5.4: update to v5.4.94 linux-yocto/5.10: binutils 2.36 fixes yocto-bsp: linux-yocto: update to v5.10.12 Changhyeok Bae (1): python3-importlib-metadata: Add toml dependency Changqing Li (4): libexif: fix CVE-2020-0198; CVE-2020-0452 libpam: support usrmerge libpam: remove unused code qemu: fix do_compile error Chee Yang Lee (1): initrdscripts: init-install-efi.sh install extra files for ESP Chen Qi (1): systemd: change /bin/nologin to /sbin/nologin Chris Laplante (2): contrib/git-hooks: add a sendemail-validate example hook that adds FROM: lines to outgoing patch emails systemd.bbclass: improve error message when a service unit specified in SYSTEMD_SERVICE is not found Christophe Priouzeau (1): bitbake: fetch2/wget: Update user-agent Christopher Larson (2): grub-efi-cfg: exclude OVERRIDES from build_efi_cfg vardeps uboot-extlinux-config: exclude OVERRIDES from do_create_extlinux_config vardeps Deepak Rawat (1): openssl: add support for mingw64 as target Denys Dmytriyenko (2): maintainers: update own email address wayland: upgrade 1.18.0 -> 1.19.0 Diego Sueiro (4): wic: Introduce empty plugin to create unformatted empty partitions modutils-initscripts: Use depmod -a when modules.dep is empty staging: Introduce /sysroot-only to SYSROOT_DIRS dev-manual: Add usage of /sysroot-only in SYSROOT_DIRS Dmitry Baryshkov (4): perl: fix installation failure because of shell issue linux-firmware: upgrade 20201118 -> 20201218 linux-firmware: package firmware for Lontium lt9611uxc bridge mesa,mesa-gl: upgrade to 20.3.2 Dorinda (8): sanity: Verify that user isn't building in PSEUDO_IGNORE_PATHS sanity.bbclass: sanity check for if bitbake is present in PATH sanity.bbclass: check if PSEUDO_IGNORE_PATHS and ${S} overlap elfutils: split libdebuginfod into its own package elfutils: add PACKAGECONFIG for debuginfod elfutils: add support for ipk sanity.bbclass: Check if PSEUDO_IGNORE_PATHS and paths under pseudo control overlap oe-pkgdata-util: Check if environment script is initialized Easwar Hariharan (1): classes/kernel-fitimage: make fitimage_emit_section_config more readable Elvis Stansvik (1): ref-manual: terms: Fix poky tarball root folder Hongxu Jia (1): deb: do not insert feed uris if apt not installed Jack Mitchell (1): distutils3: allow setup.py to be run from a different directory to ${S} Joey Degges (4): bitbake: tests/fetch: Organize usehead tests by net requirements bitbake: tests/fetch: Document behavior of test_gitfetch_usehead bitbake: tests/fetch: Test usehead with a non-default name bitbake: fetch/git: Fix usehead for non-default names Jonathan Richardson (1): core-image-tiny-initramfs: Add compatiblity for aarch64 Jose Quaresma (22): gstreamer1.0: upgrade 1.18.1 -> 1.18.2 gstreamer1.0-plugins-bad: v4l2codecs fix typo gstreamer1.0-plugins-bad: add support for aom plugin gstreamer1.0-plugins-bad: add support for x265 plugin gstreamer1.0-plugins-bad: sctp plugin uses the internal usrsctp static lib gstreamer1.0-plugins-bad: remove unsupported plugins comment gstreamer1.0-plugins-bad: netsim plugin don't have external deps gstreamer1.0-plugins-bad: transcode plugin external deps is always present gstreamer1.0: use the correct meson option for the capabilities shaderc: upgrade 2020.3 -> 2020.4 spirv-tools: upgrade 2020.5 -> 2020.6 common-licenses: Add GPL-3.0-with-bison-exception glslang: upgrade 8.13.3743 -> 11.1.0 glslang: enable shared libs glslang: disable precompiled header shaderc: avoid reproducible issues shaderc: fix the build with glslang 11.1.0 spirv-headers: Add receipe spirv-tools: cleanup shaderc: add spirv-headers as dependencie spirv-tools: fix reproducible selftest/reproducible: remove spirv-tools-dev from exclusion list Joshua Watt (4): diffoscope: upgrade 163 -> 164 ref-manual: Clarify recommended operator for PROVIDES bash: Disable bracketed input by default bitbake: logging: Make bitbake logger compatible with python logger Kai Kang (1): adwaita-icon-theme: add version 3.34.3 back Kamel Bouhara (2): npm.bbclass: make shrinkwrap file optional recipetool: create: only add npmsw url if required Kevin Hao (2): Revert "yocto-bsp: explicitly set preferred version for reference boards" meta-yocto-bsp: Bump the kernel to v5.10 Khairul Rohaizzat Jamaluddin (4): openssl: Update 1.1.1h -> 1.1.1i go: Update 1.15.5 -> 1.15.6 curl: Update 7.73.0 -> 7.74.0 ffmpeg: Fix CVE-2020-35964, CVE-2020-35965 Khem Raj (37): musl: Update to latest master systemd: Fix reallocarray check go.bbclass: Use external linker for native packages qemuriscv: check serial consoles w.r.t. /proc/consoles busybox-inittab: Implement SYSVINIT_ENABLED_GETTYS and USE_VT initscripts: use quotes for shell variable comparision busybox: Install /etc/default/rcS when used as init system busybox: Run mdev as daemon rcS: Define identifier for init system used initscripts: Use initctl on sysvinit only busybox: Sync rcS.default with sysvinit ltp: Fix ltp-pan crash on 32bit arches using 64bit time_t pulseaudio: Fix build with clang for non-x86 target util-linux: Build fixes for 32bit arches with 64bit time_t libpam: Drop musl patches ccache: Build fixes for clang and riscv32 shadow: Remove lastlog pam plugin on musl system rxvt-unicode: Disable lastlog on musl systems openssh: Disable lastlog on musl dropbear: Disable lastlog and wtmp on musl ccache: Fix build on aarch64/clang openssl: Enable rc4/rc2/bf/md4 algorithms openssl: Enable psk for qtbase libyaml: Enable static lib on native/nativesdk musl/glibc: Document assembly file directive fix musl: Update to 1.2.2 release binutils: Upgrade to 2.36 release binutils: Package libdep linker plugins binutils: Disable parallel install for target/nativesdk binutils musl: Drop adding .file directive in asm files glibc: Drop adding .file directive in asm files glibc: Upgrade to 2.33 glibc: Enable cet glibc: Require full ISA support for x86-64 level marker security_flags.inc: Use -O with -D_FORTIFY_SOURCE systemd: Fix build on musl autoconf: Fix typo for prefuncs Lee Chee Yang (8): gdk-pixbuf: fix CVE-2020-29385 wic/direct/kparser: ensure fsuuid for vfat and msdos align with format p11-kit: upgrade 0.23.21 -> 0.23.22 cve-check: replace Looseversion with custom version class cve_check: add CVE_VERSION_SUFFIX to indicate suffix in versioning openssl: set CVE_VERSION_SUFFIX wic/selftest: test_permissions also test bitbake image wic: debug mode to keep tmp directory Leon Anavi (1): common-tasks.rst: Fix GNU_HASH in hello.bb Li Wang (2): qemu: CVE-2020-25723 qemu: CVE-2020-28916 Luca Boccassi (7): classes/kernel-fitimage: add ability to sign individual images systemd: update 246 -> 247 systemd: add package config for systemd-oomd systemd: ship new systemd-dissect in -extra-utils systemd: set -Dmode=release as recommended by NEWS systemd: add RRECOMMENDS for weak dependencies, if enabled systemd: update to v247.3 Mans Rullgard (1): boost: drop arm-intrinsics.patch Marek Vasut (2): meta: toolchain-shar-relocate.sh: Do not use $target_sdk_dir as regex meta: toolchain-shar-relocate.sh: Filter out post-relocate-setup script Mark Jonas (1): parted: Make readline dependency optional Martin Jansa (3): license.bbclass: Add COMMON_LICENSE_DIR and LICENSE_PATH dirs to PSEUDO_IGNORE_PATHS busybox.inc: install rcS, rcK and rcS.default only with busybox in VIRTUAL-RUNTIME_init_manager image_types.bbclass: tar: use posix format instead of gnu Matt Hoosier (1): bitbake: fetch/git: download LFS content too during do_fetch Maxime Roussin-Bélanger (1): meta: add missing descriptions in some support recipes Michael Halstead (4): releases: conf: add link to 3.2.1, update to include 3.2.1 releases: conf: add link to 3.1.5, update to include 3.2.1 & 3.1.5 uninative: Upgrade to 2.10 yocto-uninative.inc: version 2.11 updates glibc to 2.33 Michael Ho (2): rootfs_ipk: allow do_populate_sdk in parallel to do_rootfs license_image.bbclass: fix missing recipeinfo on self Mike Looijmans (1): license_image.bbclass: Don't attempt to symlink to the same file Mikko Rapeli (1): zip: whitelist CVE-2018-13410 and CVE-2018-13684 Milan Shah (2): oe-pkgdata-util: Added a test to verify oe-pkgdata-util without parameters bitbake: utils: add docstrings to functions Mingli Yu (4): kbd: fix transaction conflict systemd: resolve executable path if it is relative libpam: add ptest support qemu: make ptest rework Nathan Rossi (8): gcc: Add patch to resolve i*86 tune configuration overrides qemu.inc: Add seccomp PACKAGECONFIG option ncurses: Prevent LDFLAGS being emitted in .pc files which: add nativesdk to BBCLASSEXTEND sed: add nativesdk to BBCLASSEXTEND grep: add nativesdk to BBCLASSEXTEND coreutils: enable xattrs by default for nativesdk gcc: Backport patch to resolve i*86 tune configuration overrides Naveen Saini (1): gstreamer1.0-plugins-bad: fix msdk pkgconfig build failure Oleksandr Kravchuk (4): python3-smmap: update to 4.0.0 python3-numpy: update to 0.20.0 inetutils: update to 2.0 ell: update to 0.37 Oleksiy Obitotskyy (2): flex: Fix --noline option behavior dtc: improve reproducibility Oleksiy Obitotskyy yIEf0zt.mo (1): toolchain-shar-relocate.sh: Fix handling files with colons Ovidiu Panait (5): timezone: upgrade to 2020e timezone: upgrade to 2020f variables: Add documentation for KERNEL_DTC_FLAGS kernel-devicetree: Introduce KERNEL_DTC_FLAGS to pass dtc flags timezone: upgrade to 2021a Paul Barker (22): bitbake.conf: Prevent pyc file generation in pseudo context documentation: Simplify oe_wiki and oe_home links documentation: Simplify layerindex and layer links documentation: Simplify remaining yocto_home links profile-manual: Simplify yocto_bugs link ref-manual: Simplify oe_lists link documentation: Use https links where possible selftest: Add argument to keep build dir wic: Add workdir argument wic: Allow exec_native_cmd to run HOSTTOOLS wic: Ensure internal workdir is not reused image_types_wic: Move wic working directory wic: Update pseudo db when excluding content from rootfs wic: Copy rootfs dir if fstab needs updating wic: Optimise fstab modification for ext2/3/4 and msdos partitions bitbake: bitbake-hashclient: Remove obsolete call to client.connect bitbake: hashserv: client: Fix handling of null responses bitbake: hashserv: Support read-only server bitbake: hashserv: Support upstream command line argument bitbake: hashserv: Add short forms of remaining command line arguments bitbake: hashserv: server: Support searching upstream for outhash bitbake: hashserv: Add get-outhash message Paul Eggleton (11): classes/kernel-fitimage: add variable for description classes/kernel-fitimage: allow substituting mkimage command classes/kernel-fitimage: add ability to add additional signing options oe-selftest: move FIT image tests to their own module oe-selftest: fitimage: Test for FIT_DESC oe-selftest: fitimage: add test for signing FIT images classes: minor corrections to kernel-fitimage section variables: clarify KERNEL_ALT_IMAGETYPE reference variables: explicitly state that UBOOT_MKIMAGE_DTCOPTS is optional variables: Add documentation for new kernel-fitimage vars ref-manual: use consistent capitalisation of U-Boot Paul Gortmaker (1): systemd: dont spew hidepid mount errors for kernels < v5.8 Peter Bergin (1): buildhistory.bbclass: avoid exception for empty BUILDHISTORY_FEATURES variable Peter Kjellerstedt (7): lib/oe/path: Add canonicalize() bitbake.conf: Canonicalize paths in PSEUDO_IGNORE_PATHS wic: Pass canonicalized paths in PSEUDO_IGNORE_PATHS glibc: Make adjtime() for 32 bit support being called with delta == NULL bitbake: cache: Make CoreRecipeInfo include rprovides_pkg for skipped recipes bitbake: cooker: Include all packages a recipe provides in SkippedPackage.rprovides apr-util: Only specify --with-dbm=gdbm if gdbm support is enabled Quentin Schulz (1): docs: fix missing & and ; surrounding references from poky.yaml Randy Li (2): meson: Add sysroot property to nativesdk-meson meson: Don't turn string into a list in nativesdk Richard Purdie (69): pseudo: Drop patches merged into upstream branch bitbake: data_smart: Ensure hash reflects vardepvalue flags correctly linuxloader: Avoid confusing string concat errors systemd: Ensure uid/gid ranges are set deterministically grub: Fix build reproducibility issue u-boot-tools: Fix reproducibility issue grub: Add second fix for determinism issue oeqa/commands: Ensure sync can be found regardless of PATH cups: Mark CVE-2009-0032 as a non-issue cups: Mark CVE-2008-1033 as a non-issue groff: Fix reproducibility issue man-db: Avoid reproducibility failures after fixing groff-native meta-selftest/staticids: Add ids for other recipes selftest/reproducible: Add useradd-staticids to reproducible builds tests grub: Further reproducibility fix man-db: Fix reproducibility issue bitbake.conf: Add mkfifo to HOSTTOOLS bitbake.conf: Add /run/ to PSEUDO_IGNORE_PATHS ppp: Update 2.4.8 -> 2.4.9 ppp: Fix reproducibility issue sanity: Bump min python version to 3.6 pseudo: Add lchmod wrapper qemu: Upgrade 5.1.0->5.2.0 qemu: Drop vm reservation changes to resolve build issues qemu: Fix mingw builds qemu: Add some user space mmap tweaks to address musl 32 bit build issues ppp: Fix patch typo pseudo: Update for arm host and memleak fixes/cleanup vulkan-samples: Fix reproducibility issue vulkan-samples: Disable PCH for reproducibility lttng-modules: Upgrade 2.12.3->2.12.4 lttng-modules: Drop gcc7 related patch bash: Set HEREDOC_PIPESIZE deterministically bash: Add makefile race workaround build-appliance-image: Update to master head revision bitbake: fetch2/perforce: Fix localfile to include ud.module ncurses: Don't put terminfo into the sysroot python3: Avoid installing test data into recipe-sysroot staging: Clean up files installed into the sysroot gobject-introspection: Fix variable override order nativesdk-buildtools-perl-dummy: Add missing entries for nativesdk-automake package_rpm: Clean up unset runtime package variable handling bitbake.conf/python: Drop setting RDEPENDS/RPROVIDES default native: Stop clearing PACKAGES meta: Clean up various class-native* RDEPENDS overrides gtk-doc: Disable dependencies in native case pseudo: Update to include passwd and file renaming fixes at: Upgrade 3.1.23 -> 3.2.1 msmtp: Fix to work with autoconf 2.70 ruby: Fix to work with autoconf 2.70 lrzsz: Fix to work with autoconf 2.70 Revert "sanity.bbclass: check if PSEUDO_IGNORE_PATHS and ${S} overlap" image_types: Ensure tar archives are reproducible qemu.inc: Should depend on qemu-system-native, not qemu-native python3-setuptools: Add back accidentally dropped RDEPENDS opkg: Fix build reproducibility issue Revert "msmtp: Fix to work with autoconf 2.70" grub: Backport fix to work with new binutils package: Ensure do_packagedata is cleaned correctly openssh: Backport a fix to fix with glibc 2.33 on some platforms pseudo: Update to work with glibc 2.33 bitbake: bitbake-worker: Try and avoid potential short write events issues apr: Fix to work with autoconf 2.70 bitbake: cooker: Ensure reparsing is handled correctly bitbake: bblayers/action: When adding layers, catch BBHandledException bitbake: bitbake: Bump release to 1.49.1 sanity.conf: Increase minimum bitbake version due to logging function change Fix up bitbake logging compatibility opkg: Fix patch glitches Robert Rosengren (1): mpg123: Add support for FPU-less targets Robert Yang (10): buildtools-tarball.bb: Fix PATH for environment setup script ncurses: Make ncurses-tools depend on ncurses-terminfo-base minicom: RDEPENDS on ncurses-terminfo-base archiver.bbclass: Fix --runall=deploy_archives for images ccache: Extend to nativesdk ccache.bbclass: Set CCACHE_TEMPDIR Revert "ccache.bbclass: use ccache from host distribution" ccache.bbclass: Use ccache-native and disable ccache for native recipes apt: Fix do_compile error when enable ccache oeqa/selftest: binutils-cross-x86_64 -> libgcc-initial Ross Burton (28): wic-image-minimal: only depend on syslinux on x86 targets syslinux: rewrite recipe so only target code is x86-specific wic-tools: don't build syslinux-native for targets without syslinux image-uefi.conf: add EFI arch variable systemd-boot: build the EFI stub systemd-boot: allow building for Arm targets wic-tools: add grub-efi and systemd-boot on arm64 lib/oe/qa: handle the 'no specific instruction set' ELF e_machine value local.conf: add aarch64 to the SDKMACHINE example values kernel: set COMPATIBLE_HOST to *-linux bitbake.conf: default SDKMACHINE to the build host architecture diffstat: point the license checksum at the license ruby: remove tcl DEPENDS base: use URI instead of decodeurl when detecting unpack dependencies lib/oe/package_manager: ensure repodata is wiped core-image-sato-sdk-ptest: these images need ptest ovmf-shell-image: image is only buildable on x86-64 bitbake: fetch2: handle empty elements in _param_str_split bitbake: tests/fetch: add test for empty query parameters Revert "lrzsz: Fix to work with autoconf 2.70" unfs3: fix build with new autoconf gnu-config: update to latest commit autoconf: merge .bb and .inc files autotools: don't warn about obsolete usage autoconf: upgrade to 2.71 autotools: disable gtkdocize for now autotools: remove intltoolize logic autotools: no need to depend on gnu-config Sakib Sajal (2): buildstats.bbclass: add functionality to collect build system stats linux-yocto*: add features/gpio/mockup.scc to KERNEL_FEATURES Scott Branden (1): kmod: update 27 -> 28 Scott Murray (3): grub: fix "CVE:" line in one of the patches patch: fix CVE-2019-20633 glibc: CVE-2019-25013 Shachar Menashe (1): openssl: drop support for deprecated algorithms Sinan Kaya (8): gcsections: add more suppressions for SDK builds sudo: split sudo binary into its own package iproute2: split ip to individual package procps: split ps and sysctl into individual packages net-tools: split mii-tool into its own package runqemu: Add support for VHD/VHDX rootfs meta/classes: Add supprot for WIC<>VHD/VHDX conversion appliance: Add VHD/VHDX generation Steve Sakoman (2): oeqa/selftest/cases/devtool.py: fix typo in ignore_patterns call glibc: update to latest release/2.32/master branch Tanu Kaskinen (6): maintainers.inc: remove myself from maintainers pulseaudio: Remove OE_LT_RPATH_ALLOW pulseaudio: disable EsounD support pulseaudio: disable GConf support pulseaudio: switch build system from Autotools to Meson pulseaudio: fix client.conf location Teoh Jay Shen (4): oeqa/terminal : improve the test case oeqa/suspend : add test for suspend state oeqa/ethernet_ip_connman : add test for network connections oeqa/usb_hid.py : add test to check the usb/human interface device status after suspend state Thomas Perrot (1): go.bbclass: don't stage test data with sources of dependencies Tim Orling (6): python3-hypothesis: upgrade 5.41.4 -> 5.41.5 python3-importlib-metadata: upgrade 3.1.0 -> 3.1.1 python3-pygments: upgrade v2.7.2 -> v2.7.3 python3-setuptools: upgrade 50.3.2 -> 51.0.0 python3-setuptools-scm: add python3-toml dep python3-packaging: upgrade 20.4 -> 20.8 Tomasz Dziendzielski (18): populate_sdk_base: Fix condition syntax if SDK_RELOCATE_AFTER_INSTALL is disabled lib/oe/utils: Return empty string in parallel_make devtool: Fix source extraction for gcc shared source externalsrc: Fix parsing error with devtool non-git sources devtool: Fix file:// fetcher symlink directory structure selftest/devtool: Add modify_localfiles_only test checking symlink path meta: Fix native inheritance order in recipes insane: Add test for native/nativesdk inherit order lib/oe/package_manager: Do not pass stderr to package manager as an argument externalsrc: Detect code changes in submodules insane: Add missing INSANE_SKIP mechanism for native-last QA check insane: native-last: Only print classes inherited after native/nativesdk lib/oe/patch.py: Don't return command stderr from runcmd function python3: Use addtask statement instead of task dependencies lib/oe/patch.py: Ignore scissors line on applying patch sstatesig: Add descriptive error message to getpwuid/getgrgid "uid/gid not found" KeyError bitbake: lib/bb: Don't treat mc recipe (Midnight Commander) as a multiconfig target bitbake: BBHandler: Don't classify shell functions that names start with "python*" as python function Trevor Woerner (7): mesa.inc: switch true/enabled false/disabled mesa: update 20.2.4 -> 20.3.1 insane.bbclass: allow fifos selftest-chown: add test for fifos PSPLASH_FIFO_DIR: refactor psplash: fix working on first boot (sysvinit) psplash (sysvinit): add textual updates Vinícius Ossanes Aquino (1): cmake: Upgrade 3.19.2 -> 3.19.3 Vivien Didelot (4): README.hardware: prettify headline README.hardware: fix the dd command meta-yocto-bsp: use provided variables meta-yocto-bsp: use mmcblk0 for root partition Vyacheslav Yurkov (1): npm.bbclass: use python3 for npm config Wang Mingyu (33): libaio: upgrade 0.3.111 -> 0.3.112 readline: upgrade 8.0 -> 8.1 man-pages: upgrade 5.09 ->5.10 mobile-broadband-provider-info: upgrade 20190618 ->20201225 shared-mime-info: upgrade 2.0 -> 2.1 tiff: upgrade 4.1.0 -> 4.2.0 tcl: upgrade 8.6.10 -> 8.6.11 sysstat: upgrade 12.4.1 -> 12.4.2 nettle: upgrade 3.6 ->3.7 binutils: upgrade 2.35 -> 2.35.1 ed: upgrade 1.16 -> 1.17 ell: upgrade 0.35 -> 0.36 findutils: upgrade 4.7.0 -> 4.8.0 iproute2: upgrade 5.9.0 -> 5.10.0 gnupg: upgrade 2.2.26 -> 2.2.27 libpcap: upgrade 1.9.1 -> 1.10.0 libmodulemd: upgrade 2.11.1 -> 2.11.2 pulseaudio: upgrade 14.0 -> 14.2 btrfs-tools: upgrade 5.9 -> 5.10 gpgme: upgrade 1.15.0 -> 1.15.1 iptables: upgrade 1.8.6 -> 1.8.7 socat: upgrade 1.7.3.4 ->1.7.4.1 libcap: upgrade 2.46 -> 2.47 libjitterentropy: upgrade 3.0.0 -> 3.0.1 libsolv: upgrade 0.7.16 -> 0.7.17 ltp: upgrade 20200930 -> 20210121 stress-ng: upgrade 0.12.01 -> 0.12.02 util-macros: upgrade 1.19.2 -> 1.19.3 gtk-doc: upgrade 1.33.1 -> 1.33.2 e2fsprogs: upgrade 1.45.6 -> 1.45.7 bind: upgrade 9.16.10 -> 9.16.11 libdrm: upgrade 2.4.103 -> 2.4.104 parted: upgrade 3.3 -> 3.4 Yann Dirson (1): libsdl2: upgrade to 2.0.14 Yi Fan Yu (6): binutils: Fix CVE-2020-35448 oeqa/selftest/cases/tinfoil.py: increase timeout 10->60s test_wait_event strace: increase ptest timeout duration 120->240s sudo: upgrade 1.9.5p1 -> 1.9.5p2 glibc: fix CVE-2020-27618 glib-2.0: add workaround to fix codegen.py.test failing Yi Zhao (7): dhcpcd: upgrade 9.3.2 -> 9.3.4 dhcpcd: fix SECCOMP for i386 inetutils: add dnsdomainname to ALTERNATIVE libcap: update 2.45 -> 2.46 libcap-ng: upgrade 0.8.1 -> 0.8.2 dhcpcd: upgrade 9.3.4 -> 9.4.0 rng-tools: upgrade 6.10 -> 6.11 Yoann Congal (2): documentation: Fix a Concpets -> Concepts typo documentation: Prevent building documentation with an outdated version of sphinx Zhixiong Chi (1): glibc: CVE-2020-29562 and CVE-2020-29573 akuster (4): openssl: Enable srp algorithm cve-check.bbclass: add layer to cve log cve-check: add include/exclude layers documentation.conf: add both CVE_CHECK_LAYER_* hongxu (2): apt: add nativesdk support dpkg: add nativesdk support saloni (2): libgcrypt: Whitelisted CVEs libcroco: Added CVE zangrc (3): bash: Rename patch name systemtap: upgrade 4.3 -> 4.4 msmtp: upgrade 1.8.13 -> 1.8.14 zhengruoqin (11): cantarell-fonts: upgrade 0.201 -> 0.301 gdbm: upgrade 1.18.1 -> 1.19 libarchive: upgrade 3.4.3 -> 3.5.1 libevdev: upgrade 1.10.0 -> 1.10.1 libgpg-error: upgrade 1.39 -> 1.41 libmodulemd: upgrade 2.11.2 -> 2.12.0 bison: upgrade 3.7.4 -> 3.7.5 ca-certificates: upgrade 20200601 -> 20210119 mc: upgrade 4.8.25 -> 4.8.26 sqlite3: upgrade 3.34.0 -> 3.34.1 python3-packaging: upgrade 20.8 -> 20.9 Revert "libpam: update 1.3.1 -> 1.5.1" This reverts commit b0384720a46fb25c4ad180e3f256ffdeb53dc8a6. OpenBMC is not ready for the removal of pam_cracklib and pam_tally2. Until code is ready to move to new libs in libpam_1.5, carry a revert in OpenBMC to stay at libpam_1.3. openbmc/openbmc#3750 tracks this work Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: I69357e370d7cf5c5d6dfedde11b88a4f797f7e95
author: Andrew Geissler <geissonator@yahoo.com> 2021-02-13 00:35:20 +0300
committer: Brad Bishop <bradleyb@fuzziesquirrel.com> 2021-02-25 23:15:06 +0300
commit: d1e894976442c78577f52fe7b169812d00289120 (patch)
tree: b65864e37eca17e36157663e48e82e3745145379 /poky/meta/recipes-support
parent: ec0e87b37a04927ed4549b1b9d2e23a8c345cb7a (diff)
download: openbmc-d1e894976442c78577f52fe7b169812d00289120.tar.xz
68 files changed, 456 insertions, 755 deletions
diff --git a/poky/meta/recipes-support/apr/apr-util_1.6.1.bb b/poky/meta/recipes-support/apr/apr-util_1.6.1.bb
index 0dd8f025e..f7d827a1d 100644
--- a/poky/meta/recipes-support/apr/apr-util_1.6.1.bb
+++ b/poky/meta/recipes-support/apr/apr-util_1.6.1.bb
@@ -19,10 +19,9 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.gz \
 SRC_URI[md5sum] = "bd502b9a8670a8012c4d90c31a84955f"
 SRC_URI[sha256sum] = "b65e40713da57d004123b6319828be7f1273fbc6490e145874ee1177e112c459"
 
-EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ 
+EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \
 		--without-odbc \
 		--without-pgsql \
-		--with-dbm=gdbm \
 		--without-sqlite2 \
 		--with-expat=${STAGING_DIR_HOST}${prefix}"
 
@@ -69,7 +68,7 @@ PACKAGECONFIG ??= "crypto gdbm"
 PACKAGECONFIG[ldap] = "--with-ldap,--without-ldap,openldap"
 PACKAGECONFIG[crypto] = "--with-openssl=${STAGING_DIR_HOST}${prefix} --with-crypto,--without-crypto,openssl"
 PACKAGECONFIG[sqlite3] = "--with-sqlite3=${STAGING_DIR_HOST}${prefix},--without-sqlite3,sqlite3"
-PACKAGECONFIG[gdbm] = "--with-gdbm=${STAGING_DIR_HOST}${prefix},--without-gdbm,gdbm"
+PACKAGECONFIG[gdbm] = "--with-dbm=gdbm --with-gdbm=${STAGING_DIR_HOST}${prefix},--without-gdbm,gdbm"
 
 #files ${libdir}/apr-util-1/*.so are not symlinks but loadable modules thus they are packaged in ${PN}
 FILES_${PN}     += "${libdir}/apr-util-1/apr*${SOLIBS} ${libdir}/apr-util-1/apr*${SOLIBSDEV}"
diff --git a/poky/meta/recipes-support/apr/apr/autoconf270.patch b/poky/meta/recipes-support/apr/apr/autoconf270.patch
new file mode 100644
index 000000000..9f7b5c624
--- /dev/null
+++ b/poky/meta/recipes-support/apr/apr/autoconf270.patch
@@ -0,0 +1,22 @@
+With autoconf 2.70 confdefs.h is already included. Including it twice generates
+compiler warnings and since this macros is to error on warnings, it breaks.
+
+Fix by not including the file.
+
+Upstream-Status: Pending
+RP - 2021/1/28
+
+Index: apr-1.7.0/build/apr_common.m4
+===================================================================
+--- apr-1.7.0.orig/build/apr_common.m4
++++ apr-1.7.0/build/apr_common.m4
+@@ -505,8 +505,7 @@ AC_DEFUN([APR_TRY_COMPILE_NO_WARNING],
+  fi
+  AC_COMPILE_IFELSE(
+   [AC_LANG_SOURCE(
+-   [#include "confdefs.h"
+-   ]
++   []
+    [[$1]]
+    [int main(int argc, const char *const *argv) {]
+    [[$2]]
diff --git a/poky/meta/recipes-support/apr/apr_1.7.0.bb b/poky/meta/recipes-support/apr/apr_1.7.0.bb
index 7073af8c9..f879e2864 100644
--- a/poky/meta/recipes-support/apr/apr_1.7.0.bb
+++ b/poky/meta/recipes-support/apr/apr_1.7.0.bb
@@ -1,4 +1,8 @@
 SUMMARY = "Apache Portable Runtime (APR) library"
+DESCRIPTION = "The Apache Portable Runtime (APR) is a supporting library for the \
+Apache web server. It provides a set of APIs that map to the underlying \
+operating system (OS). Where the OS does not support a particular function, \
+APR will provide an emulation."
 HOMEPAGE = "http://apr.apache.org/"
 SECTION = "libs"
 DEPENDS = "util-linux"
@@ -19,6 +23,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \
            file://0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch \
            file://libtoolize_check.patch \
            file://0001-Add-option-to-disable-timed-dependant-tests.patch \
+           file://autoconf270.patch \
            "
 
 SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7"
diff --git a/poky/meta/recipes-support/aspell/aspell_0.60.8.bb b/poky/meta/recipes-support/aspell/aspell_0.60.8.bb
index 629987810..f1d931b39 100644
--- a/poky/meta/recipes-support/aspell/aspell_0.60.8.bb
+++ b/poky/meta/recipes-support/aspell/aspell_0.60.8.bb
@@ -1,4 +1,8 @@
 SUMMARY = "GNU Aspell spell-checker"
+DESCRIPTION = "GNU Aspell is a spell-checker which can be used either as a \
+standalone application or embedded in other programs. Its main feature is that \
+it does a much better job of suggesting possible spellings than just about any \
+other spell-checker available for the English language"
 SECTION = "console/utils"
 
 LICENSE = "LGPLv2 | LGPLv2.1"
diff --git a/poky/meta/recipes-support/atk/at-spi2-core_2.38.0.bb b/poky/meta/recipes-support/atk/at-spi2-core_2.38.0.bb
index 88add83dd..a0657950b 100644
--- a/poky/meta/recipes-support/atk/at-spi2-core_2.38.0.bb
+++ b/poky/meta/recipes-support/atk/at-spi2-core_2.38.0.bb
@@ -1,4 +1,6 @@
 SUMMARY = "Assistive Technology Service Provider Interface (dbus core)"
+DESCRIPTION = "At-Spi2 is a protocol over DBus, toolkit widgets use it to \
+provide their content to screen readers such as Orca."
 HOMEPAGE = "https://wiki.linuxfoundation.org/accessibility/d-bus"
 LICENSE = "LGPL-2.1+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
diff --git a/poky/meta/recipes-support/attr/acl_2.2.53.bb b/poky/meta/recipes-support/attr/acl_2.2.53.bb
index 5bb50f77f..b120c1f16 100644
--- a/poky/meta/recipes-support/attr/acl_2.2.53.bb
+++ b/poky/meta/recipes-support/attr/acl_2.2.53.bb
@@ -1,5 +1,7 @@
 SUMMARY = "Utilities for managing POSIX Access Control Lists"
 HOMEPAGE = "http://savannah.nongnu.org/projects/acl/"
+DESCRIPTION = "ACL allows you to provide different levels of access to files \
+and folders for different users."
 SECTION = "libs"
 
 LICENSE = "LGPLv2.1+ & GPLv2+"
diff --git a/poky/meta/recipes-support/attr/attr.inc b/poky/meta/recipes-support/attr/attr.inc
index 0c3330a68..97bca4698 100644
--- a/poky/meta/recipes-support/attr/attr.inc
+++ b/poky/meta/recipes-support/attr/attr.inc
@@ -1,4 +1,8 @@
 SUMMARY = "Utilities for manipulating filesystem extended attributes"
+DESCRIPTION = "A set of tools for manipulating extended attributes on filesystem \
+objects, in particular getfattr(1) and setfattr(1). An attr(1) command \
+is also provided which is largely compatible with the SGI IRIX tool of \
+the same name."
 HOMEPAGE = "http://savannah.nongnu.org/projects/attr/"
 SECTION = "libs"
 
diff --git a/poky/meta/recipes-support/bash-completion/bash-completion_2.11.bb b/poky/meta/recipes-support/bash-completion/bash-completion_2.11.bb
index bab8a018c..f00e0fc5b 100644
--- a/poky/meta/recipes-support/bash-completion/bash-completion_2.11.bb
+++ b/poky/meta/recipes-support/bash-completion/bash-completion_2.11.bb
@@ -1,4 +1,6 @@
 SUMMARY = "Programmable Completion for Bash 4"
+DESCRIPTION = "bash completion extends bash's standard completion behavior to \
+achieve complex command lines with just a few keystrokes."
 HOMEPAGE = "https://github.com/scop/bash-completion"
 BUGTRACKER = "https://github.com/scop/bash-completion/issues"
 
diff --git a/poky/meta/recipes-support/boost/boost-1.74.0.inc b/poky/meta/recipes-support/boost/boost-1.75.0.inc
index b47fdaf09..e5a8488c5 100644
--- a/poky/meta/recipes-support/boost/boost-1.74.0.inc
+++ b/poky/meta/recipes-support/boost/boost-1.75.0.inc
@@ -12,7 +12,7 @@ BOOST_MAJ = "${@"_".join(d.getVar("PV").split(".")[0:2])}"
 BOOST_P = "boost_${BOOST_VER}"
 
 SRC_URI = "https://dl.bintray.com/boostorg/release/${PV}/source/${BOOST_P}.tar.bz2"
-SRC_URI[sha256sum] = "83bfc1507731a0906e387fc28b7ef5417d591429e51e788417fe9ff025e116b1"
+SRC_URI[sha256sum] = "953db31e016db7bb207f11432bef7df100516eeb746843fa0486a222e3fd49cb"
 
 UPSTREAM_CHECK_URI = "http://www.boost.org/users/download/"
 UPSTREAM_CHECK_REGEX = "boostorg/release/(?P<pver>.*)/source/"
diff --git a/poky/meta/recipes-support/boost/boost.inc b/poky/meta/recipes-support/boost/boost.inc
index cbf9cad70..c9bb17854 100644
--- a/poky/meta/recipes-support/boost/boost.inc
+++ b/poky/meta/recipes-support/boost/boost.inc
@@ -59,10 +59,13 @@ PACKAGES = "${PN}-dbg ${BOOST_PACKAGES}"
 python __anonymous () {
     packages = []
     extras = []
+    pn = d.getVar("PN")
     mlprefix = d.getVar("MLPREFIX")
     for lib in d.getVar('BOOST_LIBS').split():
         extras.append("--with-%s" % lib)
         pkg = "boost-%s" % (lib.replace("_", "-"))
+        if "-native" in pn:
+            pkg = pkg + "-native"
         packages.append(mlprefix + pkg)
         if not d.getVar("FILES_%s" % pkg):
                 d.setVar("FILES_%s%s" % (mlprefix, pkg), "${libdir}/libboost_%s*.so.*" % lib)
diff --git a/poky/meta/recipes-support/boost/boost/0001-Apply-boost-1.62.0-no-forced-flags.patch.patch b/poky/meta/recipes-support/boost/boost/0001-Apply-boost-1.62.0-no-forced-flags.patch.patch
deleted file mode 100644
index 169906344..000000000
--- a/poky/meta/recipes-support/boost/boost/0001-Apply-boost-1.62.0-no-forced-flags.patch.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From 8845a786598f1d9e83aa1b7d2966b0d1eb765ba0 Mon Sep 17 00:00:00 2001
-From: Christopher Larson <chris_larson@mentor.com>
-Date: Tue, 13 Dec 2016 10:14:31 -0700
-Subject: [PATCH 1/3] Apply boost-1.62.0-no-forced-flags.patch
-
-Upstream-Status: Inappropriate
-Signed-off-by: Christopher Larson <chris_larson@mentor.com>
----
- libs/log/build/Jamfile.v2           |  4 ++--
- libs/log/config/x86-ext/Jamfile.jam | 16 ++++++++--------
- libs/log/src/dump_avx2.cpp          |  4 ++++
- libs/log/src/dump_ssse3.cpp         |  4 ++++
- 4 files changed, 18 insertions(+), 10 deletions(-)
-
-diff --git a/libs/log/build/Jamfile.v2 b/libs/log/build/Jamfile.v2
-index 4abbdbc..b3016fc 100644
---- a/libs/log/build/Jamfile.v2
-+++ b/libs/log/build/Jamfile.v2
-@@ -373,7 +373,7 @@ rule avx2-targets-cond ( properties * )
-             }
-             else if <toolset>clang in $(properties)
-             {
--                result = <cxxflags>"-mavx -mavx2" ;
-+                result = <cxxflags> ;
-             }
-             else if <toolset>intel in $(properties)
-             {
-@@ -383,7 +383,7 @@ rule avx2-targets-cond ( properties * )
-                 }
-                 else
-                 {
--                    result = <cxxflags>"-xCORE-AVX2 -fabi-version=0" ;
-+                    result = <cxxflags>"-fabi-version=0" ;
-                 }
-             }
-             else if <toolset>msvc in $(properties)
-diff --git a/libs/log/config/x86-ext/Jamfile.jam b/libs/log/config/x86-ext/Jamfile.jam
-index 0e9695a..dcc394d 100644
---- a/libs/log/config/x86-ext/Jamfile.jam
-+++ b/libs/log/config/x86-ext/Jamfile.jam
-@@ -15,19 +15,19 @@ project /boost/log/x86-extensions
- 
- obj ssse3 : ssse3.cpp
-     :
--        <toolset>gcc:<cxxflags>"-msse -msse2 -msse3 -mssse3"
--        <toolset>clang:<cxxflags>"-msse -msse2 -msse3 -mssse3"
--        <toolset>intel-linux:<cxxflags>"-xSSSE3"
--        <toolset>intel-darwin:<cxxflags>"-xSSSE3"
-+        <toolset>gcc:<cxxflags>
-+        <toolset>clang:<cxxflags>
-+        <toolset>intel-linux:<cxxflags>
-+        <toolset>intel-darwin:<cxxflags>
-         <toolset>intel-win:<cxxflags>"/QxSSSE3"
-     ;
- 
- obj avx2 : avx2.cpp
-     :
--        <toolset>gcc:<cxxflags>"-mavx -mavx2 -fabi-version=0"
--        <toolset>clang:<cxxflags>"-mavx -mavx2"
--        <toolset>intel-linux:<cxxflags>"-xCORE-AVX2 -fabi-version=0"
--        <toolset>intel-darwin:<cxxflags>"-xCORE-AVX2 -fabi-version=0"
-+        <toolset>gcc:<cxxflags>"-fabi-version=0"
-+        <toolset>clang:<cxxflags>
-+        <toolset>intel-linux:<cxxflags>"-fabi-version=0"
-+        <toolset>intel-darwin:<cxxflags>"-fabi-version=0"
-         <toolset>intel-win:<cxxflags>"/arch:CORE-AVX2"
-         <toolset>msvc:<cxxflags>"/arch:AVX"
-     ;
-diff --git a/libs/log/src/dump_avx2.cpp b/libs/log/src/dump_avx2.cpp
-index 4ab1250..610fc6d 100644
---- a/libs/log/src/dump_avx2.cpp
-+++ b/libs/log/src/dump_avx2.cpp
-@@ -22,6 +22,10 @@
- #include <boost/cstdint.hpp>
- #include <boost/log/detail/header.hpp>
- 
-+#if !defined(__AVX2__)
-+#error "AVX2 Unsupported!"
-+#endif
-+
- #if defined(__x86_64) || defined(__x86_64__) || \
-     defined(__amd64__) || defined(__amd64) || \
-     defined(_M_X64)
-diff --git a/libs/log/src/dump_ssse3.cpp b/libs/log/src/dump_ssse3.cpp
-index 1325b49..60d4112 100644
---- a/libs/log/src/dump_ssse3.cpp
-+++ b/libs/log/src/dump_ssse3.cpp
-@@ -22,6 +22,10 @@
- #include <boost/cstdint.hpp>
- #include <boost/log/detail/header.hpp>
- 
-+#if !defined(__SSSE3__)
-+#error "SSSE3 Unsupported!"
-+#endif
-+
- #if defined(__x86_64) || defined(__x86_64__) || \
-     defined(__amd64__) || defined(__amd64) || \
-     defined(_M_X64)
--- 
-2.8.0
diff --git a/poky/meta/recipes-support/boost/boost/arm-intrinsics.patch b/poky/meta/recipes-support/boost/boost/arm-intrinsics.patch
deleted file mode 100644
index fe85c69a8..000000000
--- a/poky/meta/recipes-support/boost/boost/arm-intrinsics.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-Upstream-Status: Backport
-
-8/17/2010 - rebased to 1.44 by Qing He <qing.he@intel.com>
-
-diff --git a/boost/smart_ptr/detail/atomic_count_sync.hpp b/boost/smart_ptr/detail/atomic_count_sync.hpp
-index b6359b5..78b1cc2 100644
---- a/boost/smart_ptr/detail/atomic_count_sync.hpp
-+++ b/boost/smart_ptr/detail/atomic_count_sync.hpp
-@@ -33,17 +33,46 @@ public:
- 
-     long operator++()
-     {
-+#ifdef __ARM_ARCH_7A__
-+       int v1, tmp;
-+       asm volatile ("1:                 \n\t"
-+                     "ldrex   %0, %1     \n\t"
-+                     "add     %0 ,%0, #1 \n\t"
-+                     "strex   %2, %0, %1 \n\t"
-+                     "cmp     %2, #0     \n\t"
-+                     "bne     1b         \n\t"
-+                     : "=&r" (v1), "+Q"(value_), "=&r"(tmp)
-+                    );
-+#else
-         return __sync_add_and_fetch( &value_, 1 );
-+#endif
-     }
- 
-     long operator--()
-     {
-+#ifdef __ARM_ARCH_7A__
-+       int v1, tmp;
-+       asm volatile ("1:                 \n\t"
-+                     "ldrex   %0, %1     \n\t"
-+                     "sub     %0 ,%0, #1 \n\t"
-+                     "strex   %2, %0, %1 \n\t"
-+                     "cmp     %2, #0     \n\t"
-+                     "bne     1b         \n\t"
-+                     : "=&r" (v1), "+Q"(value_), "=&r"(tmp)
-+                    );
-+       return value_;
-+#else
-         return __sync_add_and_fetch( &value_, -1 );
-+#endif
-     }
- 
-     operator long() const
-     {
-+#if __ARM_ARCH_7A__
-+        return value_;
-+#else
-         return __sync_fetch_and_add( &value_, 0 );
-+#endif
-     }
- 
- private:
diff --git a/poky/meta/recipes-support/boost/boost_1.74.0.bb b/poky/meta/recipes-support/boost/boost_1.75.0.bb
index b01b390a5..23b0ffc67 100644
--- a/poky/meta/recipes-support/boost/boost_1.74.0.bb
+++ b/poky/meta/recipes-support/boost/boost_1.75.0.bb
@@ -1,10 +1,9 @@
 require boost-${PV}.inc
 require boost.inc
 
-SRC_URI += "file://arm-intrinsics.patch \
+SRC_URI += " \
            file://boost-CVE-2012-2677.patch \
            file://boost-math-disable-pch-for-gcc.patch \
-           file://0001-Apply-boost-1.62.0-no-forced-flags.patch.patch \
            file://0001-Don-t-set-up-arch-instruction-set-flags-we-do-that-o.patch \
            file://0001-dont-setup-compiler-flags-m32-m64.patch \
            file://0001-fiber-libs-Define-SYS_futex-if-it-does-not-exist.patch \
diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch b/poky/meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch
deleted file mode 100644
index aa2c85ff4..000000000
--- a/poky/meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From b6d18ca77f131cdcaa10d0eaa9d303399767edf6 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Wed, 28 Aug 2019 19:18:14 +0200
-Subject: [PATCH] certdata2pem.py: use python3
-
-Comments in that file imply it is already py3 compatible.
-
-Upstream-Status: Pending
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
----
- mozilla/Makefile        | 2 +-
- mozilla/certdata2pem.py | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/mozilla/Makefile b/mozilla/Makefile
-index 6f46118..f98877c 100644
---- a/mozilla/Makefile
-+++ b/mozilla/Makefile
-@@ -3,7 +3,7 @@
- #
- 
- all:
--	python certdata2pem.py
-+	python3 certdata2pem.py
- 
- clean:
- 	-rm -f *.crt
-diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
-index 0b02b2a..7d796f1 100644
---- a/mozilla/certdata2pem.py
-+++ b/mozilla/certdata2pem.py
-@@ -1,4 +1,4 @@
--#!/usr/bin/python
-+#!/usr/bin/python3
- # vim:set et sw=4:
- #
- # certdata2pem.py - splits certdata.txt into multiple files
diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb b/poky/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb
index 6f39df798..888a235c1 100644
--- a/poky/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb
+++ b/poky/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb
@@ -14,7 +14,7 @@ DEPENDS_class-nativesdk = "openssl-native"
 # Need rehash from openssl and run-parts from debianutils
 PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
 
-SRCREV = "b3a8980b781bc9a370e42714a605cd4191bb6c0b"
+SRCREV = "181be7ebd169b4a6fb5d90c3e6dc791e90534144"
 
 SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \
            file://0002-update-ca-certificates-use-SYSROOT.patch \
@@ -23,7 +23,6 @@ SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \
            file://default-sysroot.patch \
            file://sbindir.patch \
            file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \
-           file://0001-certdata2pem.py-use-python3.patch \
            "
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+)"
 
diff --git a/poky/meta/recipes-support/curl/curl_7.73.0.bb b/poky/meta/recipes-support/curl/curl_7.74.0.bb
index 0f26b0f1a..873bbe814 100644
--- a/poky/meta/recipes-support/curl/curl_7.73.0.bb
+++ b/poky/meta/recipes-support/curl/curl_7.74.0.bb
@@ -9,7 +9,7 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
            file://0001-replace-krb5-config-with-pkg-config.patch \
 "
 
-SRC_URI[sha256sum] = "cf34fe0b07b800f1c01a499a6e8b2af548f6d0e044dca4a29d88a4bee146d131"
+SRC_URI[sha256sum] = "0f4d63e6681636539dc88fa8e929f934cd3a840c46e0bf28c73be11e521b77a5"
 
 # Curl has used many names over the years...
 CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
diff --git a/poky/meta/recipes-support/diffoscope/diffoscope_161.bb b/poky/meta/recipes-support/diffoscope/diffoscope_164.bb
index 0f566a3ec..7707c441c 100644
--- a/poky/meta/recipes-support/diffoscope/diffoscope_161.bb
+++ b/poky/meta/recipes-support/diffoscope/diffoscope_164.bb
@@ -7,7 +7,7 @@ PYPI_PACKAGE = "diffoscope"
 
 inherit pypi setuptools3
 
-SRC_URI[sha256sum] = "9c27d60a7bf3984b53c8af3fee86eb3d3e2292c4ddb9449c38b6cba068b8e22c"
+SRC_URI[sha256sum] = "bc269a39ec72261d9fead55bd951f6cbbe3d2ccce1481f974665999a5b141fff"
 
 RDEPENDS_${PN} += "binutils vim squashfs-tools python3-libarchive-c python3-magic"
 
diff --git a/poky/meta/recipes-support/enchant/enchant2_2.2.13.bb b/poky/meta/recipes-support/enchant/enchant2_2.2.15.bb
index 3b890e733..05e84fc72 100644
--- a/poky/meta/recipes-support/enchant/enchant2_2.2.13.bb
+++ b/poky/meta/recipes-support/enchant/enchant2_2.2.15.bb
@@ -9,7 +9,7 @@ DEPENDS = "glib-2.0"
 inherit autotools pkgconfig
 
 SRC_URI = "https://github.com/AbiWord/enchant/releases/download/v${PV}/enchant-${PV}.tar.gz"
-SRC_URI[sha256sum] = "eab9f90d79039133660029616e2a684644bd524be5dc43340d4cfc3fb3c68a20"
+SRC_URI[sha256sum] = "3b0f2215578115f28e2a6aa549b35128600394304bd79d6f28b0d3b3d6f46c03"
 
 UPSTREAM_CHECK_URI = "https://github.com/AbiWord/enchant/releases"
 
diff --git a/poky/meta/recipes-support/gdbm/files/gdbm-fix-link-failure-against-gcc-10.patch b/poky/meta/recipes-support/gdbm/files/gdbm-fix-link-failure-against-gcc-10.patch
deleted file mode 100644
index c1580418d..000000000
--- a/poky/meta/recipes-support/gdbm/files/gdbm-fix-link-failure-against-gcc-10.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From f993697af81c37df9c55e0ebedeb1b8b880506ae Mon Sep 17 00:00:00 2001
-From: Richard Leitner <richard.leitner@skidata.com>
-Date: Tue, 5 May 2020 11:59:42 +0200
-Subject: [PATCH] gdbm: fix link failure against gcc-10
-
-Copied from gentoo's solution at https://bugs.gentoo.org/show_bug.cgi?id=705898
-Original patch by Sergei Trofimovich <slyfox@gentoo.org>
-
-Original description:
-
-Before the change on gcc-10 link failed as:
-```
-  CCLD     gdbmtool
-ld: ./libgdbmapp.a(parseopt.o):(.bss+0x8): multiple definition of `parseopt_program_args';
-  gdbmtool.o:(.data.rel.local+0x260): first defined here
-ld: ./libgdbmapp.a(parseopt.o):(.bss+0x10): multiple definition of `parseopt_program_doc';
-  gdbmtool.o:(.data.rel.local+0x268): first defined here
-```
-
-gcc-10 will change the default from -fcommon to fno-common:
-    https://gcc.gnu.org/PR85678.
-
-The fix is to avoid multiple definition and rely on
-declarations only.
-
-Upstream-Status: Pending
-Signed-off-by: Richard Leitner <richard.leitner@skidata.com>
----
- src/parseopt.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/src/parseopt.c b/src/parseopt.c
-index 268e080..a4c8576 100644
---- a/src/parseopt.c
-+++ b/src/parseopt.c
-@@ -255,8 +255,6 @@ print_option_descr (const char *descr, size_t lmargin, size_t rmargin)
- }
- 
- char *parseopt_program_name;
--char *parseopt_program_doc;
--char *parseopt_program_args;
- const char *program_bug_address = "<" PACKAGE_BUGREPORT ">";
- void (*parseopt_help_hook) (FILE *stream);
- 
--- 
-2.26.2
-
diff --git a/poky/meta/recipes-support/gdbm/gdbm_1.18.1.bb b/poky/meta/recipes-support/gdbm/gdbm_1.19.bb
index fbb1fe72d..1f390a4aa 100644
--- a/poky/meta/recipes-support/gdbm/gdbm_1.18.1.bb
+++ b/poky/meta/recipes-support/gdbm/gdbm_1.19.bb
@@ -8,11 +8,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=241da1b9fe42e642cbb2c24d5e0c4d24"
 SRC_URI = "${GNU_MIRROR}/gdbm/gdbm-${PV}.tar.gz \
            file://run-ptest \
            file://ptest.patch \
-           file://gdbm-fix-link-failure-against-gcc-10.patch \
           "
 
-SRC_URI[md5sum] = "988dc82182121c7570e0cb8b4fcd5415"
-SRC_URI[sha256sum] = "86e613527e5dba544e73208f42b78b7c022d4fa5a6d5498bf18c8d6f745b91dc"
+SRC_URI[md5sum] = "aeb29c6a90350a4c959cd1df38cd0a7e"
+SRC_URI[sha256sum] = "37ed12214122b972e18a0d94995039e57748191939ef74115b1d41d8811364bc"
 
 inherit autotools gettext texinfo lib_package ptest
 
diff --git a/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch b/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
index c641a1961..a0af2d48d 100644
--- a/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
+++ b/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
@@ -1,4 +1,4 @@
-From 56343af532389c31eab32c096c9a989c53c78ce0 Mon Sep 17 00:00:00 2001
+From abc5c396aaddaef2e6811362e3e0cc0da28c2b34 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Mon, 22 Jan 2018 18:00:21 +0200
 Subject: [PATCH] configure.ac: use a custom value for the location of
@@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/configure.ac b/configure.ac
-index 1d05d39..eaaf33c 100644
+index 64cb8c6..3fe9027 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1858,7 +1858,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
+@@ -1824,7 +1824,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
  
  AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool])
  
diff --git a/poky/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch b/poky/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch
index 607a09f18..a13b4d5fb 100644
--- a/poky/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch
+++ b/poky/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch
@@ -1,4 +1,4 @@
-From 9a901dbb1c48685f2db6d7b55916c9484e871f16 Mon Sep 17 00:00:00 2001
+From 6c75656b68cb6e38b039ae532bd39437cd6daec5 Mon Sep 17 00:00:00 2001
 From: Saul Wold <sgw@linux.intel.com>
 Date: Wed, 16 Aug 2017 11:18:01 +0800
 Subject: [PATCH] dirmngr uses libgpg error
@@ -11,20 +11,18 @@ Rebase to 2.1.23
 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
 
 ---
- dirmngr/Makefile.am | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
+ dirmngr/Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
 
 diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
-index 208a813..292c036 100644
+index 00d3c42..450d873 100644
 --- a/dirmngr/Makefile.am
 +++ b/dirmngr/Makefile.am
-@@ -90,7 +90,8 @@ endif
- dirmngr_LDADD = $(libcommonpth) \
+@@ -101,6 +101,7 @@ dirmngr_LDADD = $(libcommonpth) \
          $(DNSLIBS) $(LIBASSUAN_LIBS) \
  	$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(NPTH_LIBS) \
--	$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS)
-+	$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS) \
-+	$(GPG_ERROR_LIBS)
+ 	$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS) \
++	$(GPG_ERROR_LIBS) \
+         $(dirmngr_robj)
  if USE_LDAP
  dirmngr_LDADD += $(ldaplibs)
- endif
diff --git a/poky/meta/recipes-support/gnupg/gnupg/relocate.patch b/poky/meta/recipes-support/gnupg/gnupg/relocate.patch
index aa8d1e3cc..7f7812cd4 100644
--- a/poky/meta/recipes-support/gnupg/gnupg/relocate.patch
+++ b/poky/meta/recipes-support/gnupg/gnupg/relocate.patch
@@ -1,4 +1,4 @@
-From 4005b3342db06749453835720b5a5c2392a90810 Mon Sep 17 00:00:00 2001
+From bd66af2ac7bb6d9294ac8055a55462ba7c4f9c9b Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@intel.com>
 Date: Wed, 19 Sep 2018 14:44:40 +0100
 Subject: [PATCH] Allow the environment to override where gnupg looks for its
diff --git a/poky/meta/recipes-support/gnupg/gnupg_2.2.23.bb b/poky/meta/recipes-support/gnupg/gnupg_2.2.27.bb
index c624b67a0..8b5fc9983 100644
--- a/poky/meta/recipes-support/gnupg/gnupg_2.2.23.bb
+++ b/poky/meta/recipes-support/gnupg/gnupg_2.2.27.bb
@@ -20,7 +20,7 @@ SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-
                                 file://relocate.patch"
 SRC_URI_append_class-nativesdk = " file://relocate.patch"
 
-SRC_URI[sha256sum] = "10b55e49d78b3e49f1edb58d7541ecbdad92ddaeeb885b6f486ed23d1cd1da5c"
+SRC_URI[sha256sum] = "34e60009014ea16402069136e0a5f63d9b65f90096244975db5cea74b3d02399"
 
 EXTRA_OECONF = "--disable-ldap \
 		--disable-ccid-driver \
diff --git a/poky/meta/recipes-support/gnutls/gnutls/arm_eabi.patch b/poky/meta/recipes-support/gnutls/gnutls/arm_eabi.patch
index 34c8985c1..6eb1edbdb 100644
--- a/poky/meta/recipes-support/gnutls/gnutls/arm_eabi.patch
+++ b/poky/meta/recipes-support/gnutls/gnutls/arm_eabi.patch
@@ -1,3 +1,8 @@
+From 8a5c96057cf305bbeac0d6e0e59ee24fbb9497fe Mon Sep 17 00:00:00 2001
+From: Joe Slater <jslater@windriver.com>
+Date: Wed, 25 Jan 2017 13:52:59 -0800
+Subject: [PATCH] gnutls: account for ARM_EABI
+
 Certain syscall's are not availabe for arm-eabi, so we eliminate
 reference to them.
 
@@ -5,12 +10,18 @@ Upstream-Status: Pending
 
 Signed-off-by: Joe Slater <jslater@windriver.com>
 
+---
+ tests/seccomp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tests/seccomp.c b/tests/seccomp.c
+index ed14d00..3c5b726 100644
 --- a/tests/seccomp.c
 +++ b/tests/seccomp.c
-@@ -49,7 +49,9 @@ int disable_system_calls(void)
- 	}
+@@ -53,7 +53,9 @@ int disable_system_calls(void)
  
  	ADD_SYSCALL(nanosleep, 0);
+ 	ADD_SYSCALL(clock_nanosleep, 0);
 +#if ! defined(__ARM_EABI__)
  	ADD_SYSCALL(time, 0);
 +#endif
diff --git a/poky/meta/recipes-support/gnutls/gnutls_3.6.15.bb b/poky/meta/recipes-support/gnutls/gnutls_3.7.0.bb
index b936db50d..e3ca86b93 100644
--- a/poky/meta/recipes-support/gnutls/gnutls_3.6.15.bb
+++ b/poky/meta/recipes-support/gnutls/gnutls_3.7.0.bb
@@ -21,7 +21,7 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
            file://arm_eabi.patch \
            "
 
-SRC_URI[sha256sum] = "0ea8c3283de8d8335d7ae338ef27c53a916f15f382753b174c18b45ffd481558"
+SRC_URI[sha256sum] = "49e2a22691d252c9f24a9829b293a8f359095bc5a818351f05f1c0a5188a1df8"
 
 inherit autotools texinfo pkgconfig gettext lib_package gtk-doc
 
diff --git a/poky/meta/recipes-support/gpgme/gpgme/0001-Revert-build-Make-gpgme.m4-use-gpgrt-config-with-.pc.patch b/poky/meta/recipes-support/gpgme/gpgme/0001-Revert-build-Make-gpgme.m4-use-gpgrt-config-with-.pc.patch
index 0ed4eb681..0c15cc7c3 100644
--- a/poky/meta/recipes-support/gpgme/gpgme/0001-Revert-build-Make-gpgme.m4-use-gpgrt-config-with-.pc.patch
+++ b/poky/meta/recipes-support/gpgme/gpgme/0001-Revert-build-Make-gpgme.m4-use-gpgrt-config-with-.pc.patch
@@ -11,11 +11,11 @@ Upstream-Status: Inappropriate [oe-core specific]
 
 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
 ---
- src/gpgme.m4 | 58 ++++++++++------------------------------------------------
+ src/gpgme.m4 | 58 +++++++++-------------------------------------------
  1 file changed, 10 insertions(+), 48 deletions(-)
 
 diff --git a/src/gpgme.m4 b/src/gpgme.m4
-index 2a72f18..6c2be44 100644
+index c749a5d..8579146 100644
 --- a/src/gpgme.m4
 +++ b/src/gpgme.m4
 @@ -1,5 +1,5 @@
@@ -29,7 +29,7 @@ index 2a72f18..6c2be44 100644
  # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
  # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  #
--# Last-changed: 2018-11-12
+-# Last-changed: 2020-11-20
 +# Last-changed: 2014-10-02
  
  
@@ -130,5 +130,5 @@ index 2a72f18..6c2be44 100644
      ifelse([$2], , :, [$2])
      _AM_PATH_GPGME_CONFIG_HOST_CHECK
 -- 
-2.7.4
+2.25.1
 
diff --git a/poky/meta/recipes-support/gpgme/gpgme_1.15.0.bb b/poky/meta/recipes-support/gpgme/gpgme_1.15.1.bb
index 9264af8c5..dc38aa8e3 100644
--- a/poky/meta/recipes-support/gpgme/gpgme_1.15.0.bb
+++ b/poky/meta/recipes-support/gpgme/gpgme_1.15.1.bb
@@ -22,7 +22,7 @@ SRC_URI = "${GNUPG_MIRROR}/gpgme/${BP}.tar.bz2 \
            file://0008-do-not-auto-check-var-PYTHON.patch \
           "
 
-SRC_URI[sha256sum] = "0b472bc12c7d455906c8a539ec56da0a6480ef1c3a87aa5b74d7125df68d0e5b"
+SRC_URI[sha256sum] = "eebc3c1b27f1c8979896ff361ba9bb4778b508b2496c2fc10e3775a40b1de1ad"
 
 DEPENDS = "libgpg-error libassuan"
 RDEPENDS_${PN}-cpp += "libstdc++"
diff --git a/poky/meta/recipes-support/icu/icu_68.1.bb b/poky/meta/recipes-support/icu/icu_68.2.bb
index 98aa6b7be..1ca87feee 100644
--- a/poky/meta/recipes-support/icu/icu_68.1.bb
+++ b/poky/meta/recipes-support/icu/icu_68.2.bb
@@ -112,8 +112,8 @@ SRC_URI = "${BASE_SRC_URI};name=code \
 SRC_URI_append_class-target = "\
            file://0001-Disable-LDFLAGSICUDT-for-Linux.patch \
           "
-SRC_URI[code.sha256sum] = "a9f2e3d8b4434b8e53878b4308bd1e6ee51c9c7042e2b1a376abefb6fbb29f2d"
-SRC_URI[data.sha256sum] = "03ea8b4694155620548c8c0ba20444f1e7db246cc79e3b9c4fc7a960b160d510"
+SRC_URI[code.sha256sum] = "c79193dee3907a2199b8296a93b52c5cb74332c26f3d167269487680d479d625"
+SRC_URI[data.sha256sum] = "2989b466fa010edc41297e12fdd5ae47c2610ad68b63af1a0bd2a1acfaf497f3"
 
 UPSTREAM_CHECK_REGEX = "icu4c-(?P<pver>\d+(_\d+)+)-src"
 UPSTREAM_CHECK_URI = "https://github.com/unicode-org/icu/releases"
diff --git a/poky/meta/recipes-support/itstool/itstool_2.0.6.bb b/poky/meta/recipes-support/itstool/itstool_2.0.6.bb
index 5f358f463..c52aa7941 100644
--- a/poky/meta/recipes-support/itstool/itstool_2.0.6.bb
+++ b/poky/meta/recipes-support/itstool/itstool_2.0.6.bb
@@ -18,4 +18,3 @@ SRC_URI[sha256sum] = "6233cc22726a9a5a83664bf67d1af79549a298c23185d926c3677afa91
 BBCLASSEXTEND = "native nativesdk"
 
 RDEPENDS_${PN} += "libxml2-python"
-RDEPENDS_${PN}_class-native = ""
diff --git a/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.8.1.bb b/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.8.2.bb
index 43f76dc56..43f76dc56 100644
--- a/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.8.1.bb
+++ b/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.8.2.bb
diff --git a/poky/meta/recipes-support/libcap-ng/libcap-ng.inc b/poky/meta/recipes-support/libcap-ng/libcap-ng.inc
index a312b602f..8c52b5d0b 100644
--- a/poky/meta/recipes-support/libcap-ng/libcap-ng.inc
+++ b/poky/meta/recipes-support/libcap-ng/libcap-ng.inc
@@ -7,10 +7,10 @@ LICENSE = "GPLv2+ & LGPLv2.1+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
 		    file://COPYING.LIB;md5=e3eda01d9815f8d24aae2dbd89b68b06"
 
-SRC_URI = "http://people.redhat.com/sgrubb/libcap-ng/libcap-ng-${PV}.tar.gz \
+SRC_URI = "https://people.redhat.com/sgrubb/libcap-ng/libcap-ng-${PV}.tar.gz \
            file://python.patch \
 "
 
-SRC_URI[sha256sum] = "f06b17aaca029e245c9a26c698c6cc8a1cf42b58483d93e94ee02b478bdc1055"
+SRC_URI[sha256sum] = "52c083b77c2b0d8449dee141f9c3eba76e6d4c5ad44ef05df25891126cb85ae9"
 
 BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-support/libcap-ng/libcap-ng_0.8.1.bb b/poky/meta/recipes-support/libcap-ng/libcap-ng_0.8.2.bb
index 6e6de4549..6e6de4549 100644
--- a/poky/meta/recipes-support/libcap-ng/libcap-ng_0.8.1.bb
+++ b/poky/meta/recipes-support/libcap-ng/libcap-ng_0.8.2.bb
diff --git a/poky/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch b/poky/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch
index 3c737b884..d2653afb7 100644
--- a/poky/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch
+++ b/poky/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch
@@ -1,4 +1,4 @@
-From c22c6c16362c7dbc8d6faea06edee5e07759c5fa Mon Sep 17 00:00:00 2001
+From 6aa15fe548e5b1d6ca3b373779beb7521ea95ba9 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Wed, 15 Jan 2020 17:16:28 +0100
 Subject: [PATCH] tests: do not statically link a test
@@ -7,7 +7,6 @@ This fails on e.g. centos 7
 
 Upstream-Status: Inappropriate [oe-core specific]
 Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
-
 ---
  progs/Makefile | 2 +-
  tests/Makefile | 4 ++--
@@ -27,7 +26,7 @@ index 1d7fc7a..37db8f7 100644
  sudotest: test tcapsh-static
  	sudo $(LDPATH) ./quicktest.sh
 diff --git a/tests/Makefile b/tests/Makefile
-index 3431df9..727fb86 100644
+index 01f7589..094ec57 100644
 --- a/tests/Makefile
 +++ b/tests/Makefile
 @@ -22,7 +22,7 @@ ifeq ($(PTHREADS),yes)
@@ -36,7 +35,7 @@ index 3431df9..727fb86 100644
  else
 -LDFLAGS += --static
 +LDFLAGS +=
- DEPS=../libcap/libcap.a ../progs/tcapsh-static
+ DEPS=../libcap/libcap.a
  ifeq ($(PTHREADS),yes)
  DEPS +=  ../libcap/libpsx.a
 @@ -106,7 +106,7 @@ noexploit: exploit.o $(DEPS)
@@ -48,3 +47,6 @@ index 3431df9..727fb86 100644
  
  clean:
  	rm -f psx_test libcap_psx_test libcap_launch_test *~
+-- 
+2.17.1
+
diff --git a/poky/meta/recipes-support/libcap/libcap_2.45.bb b/poky/meta/recipes-support/libcap/libcap_2.47.bb
index 067ba32d9..bc4754eab 100644
--- a/poky/meta/recipes-support/libcap/libcap_2.45.bb
+++ b/poky/meta/recipes-support/libcap/libcap_2.47.bb
@@ -12,7 +12,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${
            file://0002-tests-do-not-run-target-executables.patch \
            file://0001-tests-do-not-statically-link-a-test.patch \
            "
-SRC_URI[sha256sum] = "d66639f765c0e10557666b00f519caf0bd07a95f867dddaee131cd284fac3286"
+SRC_URI[sha256sum] = "af165df45f9fe8b315164ec7143740947489f36ccbe6999b6cdf86e7a8dca04b"
 
 UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/"
 
diff --git a/poky/meta/recipes-support/libcroco/files/CVE-2020-12825.patch b/poky/meta/recipes-support/libcroco/files/CVE-2020-12825.patch
new file mode 100644
index 000000000..42f92e360
--- /dev/null
+++ b/poky/meta/recipes-support/libcroco/files/CVE-2020-12825.patch
@@ -0,0 +1,192 @@
+From fdf78a4877afa987ba646a8779b513f258e6d04c Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@gnome.org>
+Date: Fri, 31 Jul 2020 15:21:53 -0500
+Subject: [PATCH] libcroco: Limit recursion in block and any productions
+
+ (CVE-2020-12825)
+
+If we don't have any limits, we can recurse forever and overflow the
+stack.
+
+Fixes #8
+This is per https://gitlab.gnome.org/Archive/libcroco/-/issues/8
+
+https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1404
+
+CVE: CVE-2020-12825
+Upstream-Status: Backport [https://gitlab.gnome.org/Archive/libcroco/-/commit/6eb257e5c731c691eb137fca94e916ca73941a5a]
+Comment: No refreshing changes done.
+Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com>
+
+---
+ src/cr-parser.c | 44 +++++++++++++++++++++++++++++---------------
+ 1 file changed, 29 insertions(+), 15 deletions(-)
+
+diff --git a/src/cr-parser.c b/src/cr-parser.c
+index 18c9a01..f4a62e3 100644
+--- a/src/cr-parser.c
++++ b/src/cr-parser.c
+@@ -136,6 +136,8 @@ struct _CRParserPriv {
+ 
+ #define CHARS_TAB_SIZE 12
+ 
++#define RECURSIVE_CALLERS_LIMIT 100
++
+ /**
+  * IS_NUM:
+  *@a_char: the char to test.
+@@ -344,9 +346,11 @@ static enum CRStatus cr_parser_parse_selector_core (CRParser * a_this);
+ 
+ static enum CRStatus cr_parser_parse_declaration_core (CRParser * a_this);
+ 
+-static enum CRStatus cr_parser_parse_any_core (CRParser * a_this);
++static enum CRStatus cr_parser_parse_any_core (CRParser * a_this,
++                                               guint      n_calls);
+ 
+-static enum CRStatus cr_parser_parse_block_core (CRParser * a_this);
++static enum CRStatus cr_parser_parse_block_core (CRParser * a_this,
++                                                 guint      n_calls);
+ 
+ static enum CRStatus cr_parser_parse_value_core (CRParser * a_this);
+ 
+@@ -784,7 +788,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
+         cr_parser_try_to_skip_spaces_and_comments (a_this);
+ 
+         do {
+-                status = cr_parser_parse_any_core (a_this);
++                status = cr_parser_parse_any_core (a_this, 0);
+         } while (status == CR_OK);
+ 
+         status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr,
+@@ -795,7 +799,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
+                 cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, 
+                                       token);
+                 token = NULL;
+-                status = cr_parser_parse_block_core (a_this);
++                status = cr_parser_parse_block_core (a_this, 0);
+                 CHECK_PARSING_STATUS (status,
+                                       FALSE);
+                 goto done;
+@@ -930,11 +934,11 @@ cr_parser_parse_selector_core (CRParser * a_this)
+ 
+         RECORD_INITIAL_POS (a_this, &init_pos);
+ 
+-        status = cr_parser_parse_any_core (a_this);
++        status = cr_parser_parse_any_core (a_this, 0);
+         CHECK_PARSING_STATUS (status, FALSE);
+ 
+         do {
+-                status = cr_parser_parse_any_core (a_this);
++                status = cr_parser_parse_any_core (a_this, 0);
+ 
+         } while (status == CR_OK);
+ 
+@@ -956,10 +960,12 @@ cr_parser_parse_selector_core (CRParser * a_this)
+  *in chapter 4.1 of the css2 spec.
+  *block ::= '{' S* [ any | block | ATKEYWORD S* | ';' ]* '}' S*;
+  *@param a_this the current instance of #CRParser.
++ *@param n_calls used to limit recursion depth
+  *FIXME: code this function.
+  */
+ static enum CRStatus
+-cr_parser_parse_block_core (CRParser * a_this)
++cr_parser_parse_block_core (CRParser * a_this,
++                            guint      n_calls)
+ {
+         CRToken *token = NULL;
+         CRInputPos init_pos;
+@@ -967,6 +973,9 @@ cr_parser_parse_block_core (CRParser * a_this)
+ 
+         g_return_val_if_fail (a_this && PRIVATE (a_this), CR_BAD_PARAM_ERROR);
+ 
++        if (n_calls > RECURSIVE_CALLERS_LIMIT)
++                return CR_ERROR;
++
+         RECORD_INITIAL_POS (a_this, &init_pos);
+ 
+         status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token);
+@@ -996,13 +1005,13 @@ cr_parser_parse_block_core (CRParser * a_this)
+         } else if (token->type == CBO_TK) {
+                 cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token);
+                 token = NULL;
+-                status = cr_parser_parse_block_core (a_this);
++                status = cr_parser_parse_block_core (a_this, n_calls + 1);
+                 CHECK_PARSING_STATUS (status, FALSE);
+                 goto parse_block_content;
+         } else {
+                 cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token);
+                 token = NULL;
+-                status = cr_parser_parse_any_core (a_this);
++                status = cr_parser_parse_any_core (a_this, n_calls + 1);
+                 CHECK_PARSING_STATUS (status, FALSE);
+                 goto parse_block_content;
+         }
+@@ -1109,7 +1118,7 @@ cr_parser_parse_value_core (CRParser * a_this)
+                 status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
+                                                token);
+                 token = NULL;
+-                status = cr_parser_parse_block_core (a_this);
++                status = cr_parser_parse_block_core (a_this, 0);
+                 CHECK_PARSING_STATUS (status, FALSE);
+                 ref++;
+                 goto continue_parsing;
+@@ -1123,7 +1132,7 @@ cr_parser_parse_value_core (CRParser * a_this)
+                 status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
+                                                token);
+                 token = NULL;
+-                status = cr_parser_parse_any_core (a_this);
++                status = cr_parser_parse_any_core (a_this, 0);
+                 if (status == CR_OK) {
+                         ref++;
+                         goto continue_parsing;
+@@ -1162,10 +1171,12 @@ cr_parser_parse_value_core (CRParser * a_this)
+  *        | FUNCTION | DASHMATCH | '(' any* ')' | '[' any* ']' ] S*;
+  *
+  *@param a_this the current instance of #CRParser.
++ *@param n_calls used to limit recursion depth
+  *@return CR_OK upon successfull completion, an error code otherwise.
+  */
+ static enum CRStatus
+-cr_parser_parse_any_core (CRParser * a_this)
++cr_parser_parse_any_core (CRParser * a_this,
++                          guint      n_calls)
+ {
+         CRToken *token1 = NULL,
+                 *token2 = NULL;
+@@ -1174,6 +1185,9 @@ cr_parser_parse_any_core (CRParser * a_this)
+ 
+         g_return_val_if_fail (a_this, CR_BAD_PARAM_ERROR);
+ 
++        if (n_calls > RECURSIVE_CALLERS_LIMIT)
++                return CR_ERROR;
++
+         RECORD_INITIAL_POS (a_this, &init_pos);
+ 
+         status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token1);
+@@ -1212,7 +1226,7 @@ cr_parser_parse_any_core (CRParser * a_this)
+                  *We consider parameter as being an "any*" production.
+                  */
+                 do {
+-                        status = cr_parser_parse_any_core (a_this);
++                        status = cr_parser_parse_any_core (a_this, n_calls + 1);
+                 } while (status == CR_OK);
+ 
+                 ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
+@@ -1237,7 +1251,7 @@ cr_parser_parse_any_core (CRParser * a_this)
+                 }
+ 
+                 do {
+-                        status = cr_parser_parse_any_core (a_this);
++                        status = cr_parser_parse_any_core (a_this, n_calls + 1);
+                 } while (status == CR_OK);
+ 
+                 ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
+@@ -1265,7 +1279,7 @@ cr_parser_parse_any_core (CRParser * a_this)
+                 }
+ 
+                 do {
+-                        status = cr_parser_parse_any_core (a_this);
++                        status = cr_parser_parse_any_core (a_this, n_calls + 1);
+                 } while (status == CR_OK);
+ 
+                 ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
diff --git a/poky/meta/recipes-support/libcroco/libcroco_0.6.13.bb b/poky/meta/recipes-support/libcroco/libcroco_0.6.13.bb
index 9171a9de5..a443ff23f 100644
--- a/poky/meta/recipes-support/libcroco/libcroco_0.6.13.bb
+++ b/poky/meta/recipes-support/libcroco/libcroco_0.6.13.bb
@@ -18,3 +18,6 @@ inherit gnomebase gtk-doc binconfig-disabled
 
 SRC_URI[archive.md5sum] = "c80c5a8385011a0260dce6bd0da93dce"
 SRC_URI[archive.sha256sum] = "767ec234ae7aa684695b3a735548224888132e063f92db585759b422570621d4"
+
+SRC_URI +="file://CVE-2020-12825.patch \
+"
diff --git a/poky/meta/recipes-support/libevdev/libevdev_1.10.0.bb b/poky/meta/recipes-support/libevdev/libevdev_1.10.1.bb
index 2620cbe9f..353ded6f2 100644
--- a/poky/meta/recipes-support/libevdev/libevdev_1.10.0.bb
+++ b/poky/meta/recipes-support/libevdev/libevdev_1.10.1.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=75aae0d38feea6fda97ca381cb9132eb \
 
 SRC_URI = "http://www.freedesktop.org/software/libevdev/${BP}.tar.xz \
            file://determinism.patch"
-SRC_URI[sha256sum] = "3522c26e2c148be0ad68ce26fbced408a4185dea90bfe8079dc82b8ace962d4a"
+SRC_URI[sha256sum] = "0330fe8357ece915db9366c1b9a6648941aea6f724b73ad6e71401127aa08932"
 
 inherit autotools pkgconfig
 
diff --git a/poky/meta/recipes-support/libexif/files/CVE-2020-0198.patch b/poky/meta/recipes-support/libexif/files/CVE-2020-0198.patch
new file mode 100644
index 000000000..2a48844cb
--- /dev/null
+++ b/poky/meta/recipes-support/libexif/files/CVE-2020-0198.patch
@@ -0,0 +1,66 @@
+From ca71eda33fe8421f98fbe20eb4392473357c1c43 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Wed, 30 Dec 2020 10:22:47 +0800
+Subject: [PATCH] fixed another unsigned integer overflow
+
+first fixed by google in android fork,
+https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/#F0
+
+(use a more generic overflow check method, also check second overflow instance.)
+
+https://security-tracker.debian.org/tracker/CVE-2020-0198
+
+Upstream-Status: Backport[https://github.com/libexif/libexif/commit/ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c]
+CVE: CVE-2020-0198
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libexif/exif-data.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/libexif/exif-data.c b/libexif/exif-data.c
+index 8b280d3..34d58fc 100644
+--- a/libexif/exif-data.c
++++ b/libexif/exif-data.c
+@@ -47,6 +47,8 @@
+ #undef JPEG_MARKER_APP1
+ #define JPEG_MARKER_APP1 0xe1
+ 
++#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize ))
++
+ static const unsigned char ExifHeader[] = {0x45, 0x78, 0x69, 0x66, 0x00, 0x00};
+ 
+ struct _ExifDataPrivate
+@@ -327,7 +329,7 @@ exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
+ 		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail offset (%u).", o);
+ 		return;
+ 	}
+-	if (s > ds - o) {
++	if (CHECKOVERFLOW(o,ds,s)) {
+ 		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail size (%u), max would be %u.", s, ds-o);
+ 		return;
+ 	}
+@@ -420,9 +422,9 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
+ 	}
+ 
+ 	/* Read the number of entries */
+-	if ((offset + 2 < offset) || (offset + 2 < 2) || (offset + 2 > ds)) {
++	if (CHECKOVERFLOW(offset, ds, 2)) {
+ 		exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
+-			  "Tag data past end of buffer (%u > %u)", offset+2, ds);
++			  "Tag data past end of buffer (%u+2 > %u)", offset, ds);
+ 		return;
+ 	}
+ 	n = exif_get_short (d + offset, data->priv->order);
+@@ -431,7 +433,7 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
+ 	offset += 2;
+ 
+ 	/* Check if we have enough data. */
+-	if (offset + 12 * n > ds) {
++	if (CHECKOVERFLOW(offset, ds, 12*n)) {
+ 		n = (ds - offset) / 12;
+ 		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
+ 				  "Short data; only loading %hu entries...", n);
+-- 
+2.17.1
+
diff --git a/poky/meta/recipes-support/libexif/files/CVE-2020-0452.patch b/poky/meta/recipes-support/libexif/files/CVE-2020-0452.patch
new file mode 100644
index 000000000..a117b8b36
--- /dev/null
+++ b/poky/meta/recipes-support/libexif/files/CVE-2020-0452.patch
@@ -0,0 +1,39 @@
+From 302acd49eba0a125b0f20692df6abc6f7f7ca53e Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Wed, 30 Dec 2020 10:18:51 +0800
+Subject: [PATCH] fixed a incorrect overflow check that could be optimized
+ away.
+
+inspired by:
+https://android.googlesource.com/platform/external/libexif/+/8e7345f3bc0bad06ac369d6cbc1124c8ceaf7d4b
+
+https://source.android.com/security/bulletin/2020-11-01
+
+CVE-2020-0452
+
+Upsteam-Status: Backport[https://github.com/libexif/libexif/commit/9266d14b5ca4e29b970fa03272318e5f99386e06]
+CVE: CVE-2020-0452
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libexif/exif-entry.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libexif/exif-entry.c b/libexif/exif-entry.c
+index 5de215f..3a6ce84 100644
+--- a/libexif/exif-entry.c
++++ b/libexif/exif-entry.c
+@@ -1371,8 +1371,8 @@ exif_entry_get_value (ExifEntry *e, char *val, unsigned int maxlen)
+ 	{
+ 		unsigned char *utf16;
+ 
+-		/* Sanity check the size to prevent overflow */
+-		if (e->size+sizeof(uint16_t)+1 < e->size) break;
++		/* Sanity check the size to prevent overflow. Note EXIF files are 64kb at most. */
++		if (e->size >= 65536 - sizeof(uint16_t)*2) break;
+ 
+ 		/* The tag may not be U+0000-terminated , so make a local
+ 		   U+0000-terminated copy before converting it */
+-- 
+2.17.1
+
diff --git a/poky/meta/recipes-support/libexif/libexif_0.6.22.bb b/poky/meta/recipes-support/libexif/libexif_0.6.22.bb
index 2478ba07d..dc30926c5 100644
--- a/poky/meta/recipes-support/libexif/libexif_0.6.22.bb
+++ b/poky/meta/recipes-support/libexif/libexif_0.6.22.bb
@@ -8,6 +8,8 @@ def version_underscore(v):
     return "_".join(v.split("."))
 
 SRC_URI = "https://github.com/libexif/libexif/releases/download/libexif-${@version_underscore("${PV}")}-release/libexif-${PV}.tar.xz \
+           file://CVE-2020-0198.patch \
+           file://CVE-2020-0452.patch \
            "
 
 SRC_URI[sha256sum] = "5048f1c8fc509cc636c2f97f4b40c293338b6041a5652082d5ee2cf54b530c56"
diff --git a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb
index 0cad41dfa..7db624a09 100644
--- a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb
+++ b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb
@@ -28,6 +28,9 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
 "
 SRC_URI[sha256sum] = "03b70f028299561b7034b8966d7dd77ef16ed139c43440925fe8782561974748"
 
+# Below whitelisted CVEs are disputed and not affecting crypto libraries for any distro.
+CVE_CHECK_WHITELIST += "CVE-2018-12433 CVE-2018-12438"
+
 BINCONFIG = "${bindir}/libgcrypt-config"
 
 inherit autotools texinfo binconfig-disabled pkgconfig
diff --git a/poky/meta/recipes-support/libgpg-error/libgpg-error/pkgconfig.patch b/poky/meta/recipes-support/libgpg-error/libgpg-error/pkgconfig.patch
index ca5f6b5c2..83054a9c4 100644
--- a/poky/meta/recipes-support/libgpg-error/libgpg-error/pkgconfig.patch
+++ b/poky/meta/recipes-support/libgpg-error/libgpg-error/pkgconfig.patch
@@ -11,18 +11,16 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
 
 Refactored for 1.33
 Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
+Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
 ---
- configure.ac        |  1 +
- src/gpg-error.m4    | 71 +++--------------------------------------------------
- 4 files changed, 18 insertions(+), 69 deletions(-)
- create mode 100644 src/gpg-error.pc.in
+ src/gpg-error.m4 | 142 +----------------------------------------------
+ 1 file changed, 3 insertions(+), 139 deletions(-)
 
-Index: libgpg-error-1.33/src/gpg-error.m4
-===================================================================
---- libgpg-error-1.33.orig/src/gpg-error.m4
-+++ libgpg-error-1.33/src/gpg-error.m4
-@@ -26,139 +26,13 @@ dnl is added to the gpg_config_script_wa
+diff --git a/src/gpg-error.m4 b/src/gpg-error.m4
+index c9b235f..176bd6a 100644
+--- a/src/gpg-error.m4
++++ b/src/gpg-error.m4
+@@ -26,139 +26,12 @@ dnl is added to the gpg_config_script_warn variable.
  dnl
  AC_DEFUN([AM_PATH_GPG_ERROR],
  [ AC_REQUIRE([AC_CANONICAL_HOST])
@@ -31,12 +29,10 @@ Index: libgpg-error-1.33/src/gpg-error.m4
 -  dnl since that is consistent with how our three siblings use the directory/
 -  dnl package name in --with-$dir_name-prefix=PFX.
 -  AC_ARG_WITH(libgpg-error-prefix,
--              AC_HELP_STRING([--with-libgpg-error-prefix=PFX],
+-              AS_HELP_STRING([--with-libgpg-error-prefix=PFX],
 -                             [prefix where GPG Error is installed (optional)]),
 -              [gpg_error_config_prefix="$withval"])
-+  min_gpg_error_version=ifelse([$1], ,0.0,$1)
-+  PKG_CHECK_MODULES(GPG_ERROR, [gpg-error >= $min_gpg_error_version], [ok=yes], [ok=no])
- 
+-
 -  dnl Accept --with-gpg-error-prefix and make it work the same as
 -  dnl --with-libgpg-error-prefix above, for backwards compatibility,
 -  dnl but do not document this old, inconsistently-named option.
@@ -143,6 +139,8 @@ Index: libgpg-error-1.33/src/gpg-error.m4
 -    fi
 -  fi
 -  AC_MSG_CHECKING(for GPG Error - version >= $min_gpg_error_version)
++  min_gpg_error_version=ifelse([$1], ,0.0,$1)
++  PKG_CHECK_MODULES(GPG_ERROR, [gpg-error >= $min_gpg_error_version], [ok=yes], [ok=no])
    if test $ok = yes; then
 -    GPG_ERROR_CFLAGS=`$GPG_ERROR_CONFIG --cflags`
 -    GPG_ERROR_LIBS=`$GPG_ERROR_CONFIG --libs`
@@ -165,7 +163,7 @@ Index: libgpg-error-1.33/src/gpg-error.m4
      fi
      if test x"$gpg_error_config_host" != xnone ; then
        if test x"$gpg_error_config_host" != x"$host" ; then
-@@ -174,15 +48,6 @@ AC_DEFUN([AM_PATH_GPG_ERROR],
+@@ -174,15 +47,6 @@ AC_DEFUN([AM_PATH_GPG_ERROR],
        fi
      fi
    else
@@ -181,3 +179,6 @@ Index: libgpg-error-1.33/src/gpg-error.m4
 -  AC_SUBST(GPG_ERROR_MT_CFLAGS)
 -  AC_SUBST(GPG_ERROR_MT_LIBS)
  ])
+-- 
+2.25.1
+
diff --git a/poky/meta/recipes-support/libgpg-error/libgpg-error_1.39.bb b/poky/meta/recipes-support/libgpg-error/libgpg-error_1.41.bb
index f53056f5c..8205cb455 100644
--- a/poky/meta/recipes-support/libgpg-error/libgpg-error_1.39.bb
+++ b/poky/meta/recipes-support/libgpg-error/libgpg-error_1.41.bb
@@ -18,7 +18,7 @@ SRC_URI = "${GNUPG_MIRROR}/libgpg-error/libgpg-error-${PV}.tar.bz2 \
            file://0001-Do-not-fail-when-testing-config-scripts.patch \
            "
 
-SRC_URI[sha256sum] = "4a836edcae592094ef1c5a4834908f44986ab2b82e0824a0344b49df8cdb298f"
+SRC_URI[sha256sum] = "64b078b45ac3c3003d7e352a5e05318880a5778c42331ce1ef33d1a0d9922742"
 
 BINCONFIG = "${bindir}/gpg-error-config"
 
diff --git a/poky/meta/recipes-support/libjitterentropy/files/0001-Make-man-pages-reproducible.patch b/poky/meta/recipes-support/libjitterentropy/files/0001-Make-man-pages-reproducible.patch
deleted file mode 100644
index 57b336c0c..000000000
--- a/poky/meta/recipes-support/libjitterentropy/files/0001-Make-man-pages-reproducible.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From ce091718716400119d6be6bd637c0e3f4f6ca315 Mon Sep 17 00:00:00 2001
-From: Joshua Watt <JPEWhacker@gmail.com>
-Date: Thu, 21 Nov 2019 08:07:41 -0600
-Subject: [PATCH] Make man pages reproducible
-
-Instructs the man page to be gzip'ed without the file name or timestamp
-so that it builds reproducibly.
-
-Upstream-Status: Backport [https://github.com/smuellerDD/jitterentropy-library/pull/14]
-Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
----
- Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile b/Makefile
-index 2e78607..860b720 100644
---- a/Makefile
-+++ b/Makefile
-@@ -60,7 +60,7 @@ cppcheck:
- install:
- 	install -d -m 0755 $(DESTDIR)$(PREFIX)/share/man/man3
- 	install -m 644 doc/$(NAME).3 $(DESTDIR)$(PREFIX)/share/man/man3/
--	gzip -f -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3
-+	gzip -n -f -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3
- 	install -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
- 	$(INSTALL_STRIP) -m 0755 lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/
- 	install -d -m 0755 $(DESTDIR)$(PREFIX)/$(INCDIR)
--- 
-2.23.0
-
diff --git a/poky/meta/recipes-support/libjitterentropy/files/0001-Makefile-cleanup-install-for-rebuilds.patch b/poky/meta/recipes-support/libjitterentropy/files/0001-Makefile-cleanup-install-for-rebuilds.patch
deleted file mode 100644
index 9af334ce2..000000000
--- a/poky/meta/recipes-support/libjitterentropy/files/0001-Makefile-cleanup-install-for-rebuilds.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 060b9b4147f6e5ff386a8b017796118d783e59fa Mon Sep 17 00:00:00 2001
-From: Matt Weber <matthew.weber@rockwellcollins.com>
-Date: Tue, 22 Oct 2019 12:44:30 -0500
-Subject: [PATCH] Makefile: cleanup install for rebuilds
-
-Support the ability to rebuild and redeploy without a clean. This
-required some force linking and man archive creation.
-
-Provide the ability to override the stripping of the shared lib for
-cases where a embedded target build may want to control stripping
-or provide cross arch tools.
-
-Upstream-Status: Backport [060b9b4147f6e5ff386a8b017796118d783e59fa]
-Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
-Signed-off-by: Stephan Mueller <smueller@chronox.de>
-Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
----
- Makefile | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 4ff069b..2e78607 100644
---- a/Makefile
-+++ b/Makefile
-@@ -14,6 +14,8 @@ LIBDIR := lib
- # include target directory
- INCDIR := include
- 
-+INSTALL_STRIP ?= install -s
-+
- NAME := jitterentropy
- LIBMAJOR=$(shell cat jitterentropy-base.c | grep define | grep MAJVERSION | awk '{print $$3}')
- LIBMINOR=$(shell cat jitterentropy-base.c | grep define | grep MINVERSION | awk '{print $$3}')
-@@ -58,15 +60,15 @@ cppcheck:
- install:
- 	install -d -m 0755 $(DESTDIR)$(PREFIX)/share/man/man3
- 	install -m 644 doc/$(NAME).3 $(DESTDIR)$(PREFIX)/share/man/man3/
--	gzip -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3
-+	gzip -f -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3
- 	install -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
--	install -m 0755 -s lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/
-+	$(INSTALL_STRIP) -m 0755 lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/
- 	install -d -m 0755 $(DESTDIR)$(PREFIX)/$(INCDIR)
- 	install -m 0644 jitterentropy.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
- 	install -m 0644 jitterentropy-base-user.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
- 	$(RM) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR)
--	ln -s lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR)
--	ln -s lib$(NAME).so.$(LIBMAJOR) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so
-+	ln -sf lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR)
-+	ln -sf lib$(NAME).so.$(LIBMAJOR) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so
- 
- clean:
- 	@- $(RM) $(NAME)
--- 
-2.23.0
-
diff --git a/poky/meta/recipes-support/libjitterentropy/libjitterentropy_2.2.0.bb b/poky/meta/recipes-support/libjitterentropy/libjitterentropy_3.0.1.bb
index 710ef0172..197bb787a 100644
--- a/poky/meta/recipes-support/libjitterentropy/libjitterentropy_2.2.0.bb
+++ b/poky/meta/recipes-support/libjitterentropy/libjitterentropy_3.0.1.bb
@@ -5,14 +5,12 @@ stamp. It is a small-scale, yet fast entropy source that is viable in almost \
 all environments and on a lot of CPU architectures."
 HOMEPAGE = "http://www.chronox.de/jent.html"
 LICENSE = "GPLv2+ | BSD"
-LIC_FILES_CHKSUM = "file://COPYING;md5=a95aadbdfae7ed812bb2b7b86eb5981c \
+LIC_FILES_CHKSUM = "file://COPYING;md5=c69090e97c8fd6372d03099c0a5bc382 \
                     file://COPYING.gplv2;md5=eb723b61539feef013de476e68b5c50a \
                     file://COPYING.bsd;md5=66a5cedaf62c4b2637025f049f9b826f \
                     "
-SRC_URI = "git://github.com/smuellerDD/jitterentropy-library.git \
-           file://0001-Makefile-cleanup-install-for-rebuilds.patch \
-           file://0001-Make-man-pages-reproducible.patch"
-SRCREV = "933a44f33ed3d6612f7cfaa7ad1207c8da4886ba"
+SRC_URI = "git://github.com/smuellerDD/jitterentropy-library.git"
+SRCREV = "747bf030b0ea9c44548b4e29bcfab7ae416675fc"
 S = "${WORKDIR}/git"
 
 do_configure[noexec] = "1"
diff --git a/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch b/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch
index ebb7fa588..af96bd57c 100644
--- a/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch
+++ b/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch
@@ -1,4 +1,4 @@
-From 7bd2b060e9ea3e2ff11e67d1e98ab882819b28b7 Mon Sep 17 00:00:00 2001
+From 6081640895b6d566fa21123e2de7d111eeab5c4c Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 3 Dec 2012 18:17:31 +0800
 Subject: [PATCH] libksba: add pkgconfig support
@@ -11,11 +11,15 @@ They think pkgconfig adds no portability and maintaining them is not worthwhile.
 
 Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
 
+---
+ src/ksba.m4 | 90 +++--------------------------------------------------
+ 1 file changed, 4 insertions(+), 86 deletions(-)
+
 diff --git a/src/ksba.m4 b/src/ksba.m4
-index ad8de4f..af903ad 100644
+index 6b55bb8..6e7336f 100644
 --- a/src/ksba.m4
 +++ b/src/ksba.m4
-@@ -22,37 +22,6 @@ dnl with a changed API.
+@@ -23,37 +23,6 @@ dnl with a changed API.
  dnl
  AC_DEFUN([AM_PATH_KSBA],
  [ AC_REQUIRE([AC_CANONICAL_HOST])
@@ -23,7 +27,7 @@ index ad8de4f..af903ad 100644
 -  dnl since that is consistent with how our three siblings use the directory/
 -  dnl package name in --with-$dir_name-prefix=PFX.
 -  AC_ARG_WITH(libksba-prefix,
--              AC_HELP_STRING([--with-libksba-prefix=PFX],
+-              AS_HELP_STRING([--with-libksba-prefix=PFX],
 -                             [prefix where KSBA is installed (optional)]),
 -     ksba_config_prefix="$withval", ksba_config_prefix="")
 -
@@ -53,7 +57,7 @@ index ad8de4f..af903ad 100644
  
    tmp=ifelse([$1], ,1:1.0.0,$1)
    if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
-@@ -63,56 +32,13 @@ AC_DEFUN([AM_PATH_KSBA],
+@@ -64,56 +33,13 @@ AC_DEFUN([AM_PATH_KSBA],
       min_ksba_version="$tmp"
    fi
  
@@ -113,7 +117,7 @@ index ad8de4f..af903ad 100644
          if test "$tmp" -gt 0 ; then
             AC_MSG_CHECKING([KSBA API version])
             if test "$req_ksba_api" -eq "$tmp" ; then
-@@ -125,14 +51,8 @@ AC_DEFUN([AM_PATH_KSBA],
+@@ -126,14 +52,8 @@ AC_DEFUN([AM_PATH_KSBA],
       fi
    fi
    if test $ok = yes; then
@@ -129,7 +133,7 @@ index ad8de4f..af903ad 100644
      if test x"$libksba_config_host" != xnone ; then
        if test x"$libksba_config_host" != x"$host" ; then
    AC_MSG_WARN([[
-@@ -146,8 +66,6 @@ AC_DEFUN([AM_PATH_KSBA],
+@@ -147,8 +67,6 @@ AC_DEFUN([AM_PATH_KSBA],
        fi
      fi
    else
diff --git a/poky/meta/recipes-support/libksba/libksba_1.4.0.bb b/poky/meta/recipes-support/libksba/libksba_1.5.0.bb
index a9daf22d7..005389eab 100644
--- a/poky/meta/recipes-support/libksba/libksba_1.4.0.bb
+++ b/poky/meta/recipes-support/libksba/libksba_1.5.0.bb
@@ -19,7 +19,7 @@ UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html"
 SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
            file://ksba-add-pkgconfig-support.patch"
 
-SRC_URI[sha256sum] = "bfe6a8e91ff0f54d8a329514db406667000cb207238eded49b599761bfca41b6"
+SRC_URI[sha256sum] = "ae4af129216b2d7fdea0b5bf2a788cd458a79c983bb09a43f4d525cc87aba0ba"
 
 do_configure_prepend () {
 	# Else these could be used in preference to those in aclocal-copy
diff --git a/poky/meta/recipes-support/libpcre/libpcre2_10.35.bb b/poky/meta/recipes-support/libpcre/libpcre2_10.36.bb
index 35c019c10..d8077a122 100644
--- a/poky/meta/recipes-support/libpcre/libpcre2_10.35.bb
+++ b/poky/meta/recipes-support/libpcre/libpcre2_10.36.bb
@@ -8,11 +8,11 @@ SUMMARY = "Perl Compatible Regular Expressions version 2"
 HOMEPAGE = "http://www.pcre.org"
 SECTION = "devel"
 LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENCE;md5=a06590e9bd4c229532364727aaeaf084"
+LIC_FILES_CHKSUM = "file://LICENCE;md5=60c08fab1357bfe9084b333bc33362d6"
 
 SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2"
 
-SRC_URI[sha256sum] = "9ccba8e02b0ce78046cdfb52e5c177f0f445e421059e43becca4359c669d4613"
+SRC_URI[sha256sum] = "a9ef39278113542968c7c73a31cfcb81aca1faa64690f400b907e8ab6b4a665c"
 
 CVE_PRODUCT = "pcre2"
 
diff --git a/poky/meta/recipes-support/libproxy/libproxy/0001-get-pac-test-Fix-build-with-clang-libc.patch b/poky/meta/recipes-support/libproxy/libproxy/0001-get-pac-test-Fix-build-with-clang-libc.patch
deleted file mode 100644
index fedda9dd9..000000000
--- a/poky/meta/recipes-support/libproxy/libproxy/0001-get-pac-test-Fix-build-with-clang-libc.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 2d73469c7a17ebfe4330ac6643b0c8abdc125d05 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 30 Jan 2019 09:29:44 -0800
-Subject: [PATCH] get-pac-test: Fix build with clang/libc++
-
-get-pac-test.cpp:55:10: error: assigning to 'int' from incompatible type '__bind<int &, sockaddr *, unsigned int>'
-                        ret = bind(m_sock, (sockaddr*)&addr, sizeof (struct sockaddr_in));                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Upstream-Status: Submitted [https://github.com/libproxy/libproxy/pull/97]
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- libproxy/test/get-pac-test.cpp | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libproxy/test/get-pac-test.cpp b/libproxy/test/get-pac-test.cpp
-index 0059dfb..911f296 100644
---- a/libproxy/test/get-pac-test.cpp
-+++ b/libproxy/test/get-pac-test.cpp
-@@ -52,7 +52,7 @@ class TestServer {
- 
- 			setsockopt(m_sock, SOL_SOCKET, SO_REUSEADDR, &i, sizeof(i));
- 
--			ret = bind(m_sock, (sockaddr*)&addr, sizeof (struct sockaddr_in));
-+			ret = ::bind(m_sock, (sockaddr*)&addr, sizeof (struct sockaddr_in));
- 			assert(!ret);
- 
- 			ret = listen(m_sock, 1);
--- 
-2.20.1
-
diff --git a/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch b/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch
deleted file mode 100644
index 3ef7f8545..000000000
--- a/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From a83dae404feac517695c23ff43ce1e116e2bfbe0 Mon Sep 17 00:00:00 2001
-From: Michael Catanzaro <mcatanzaro@gnome.org>
-Date: Wed, 9 Sep 2020 11:12:02 -0500
-Subject: [PATCH] Rewrite url::recvline to be nonrecursive
-
-This function processes network input. It's semi-trusted, because the
-PAC ought to be trusted. But we still shouldn't allow it to control how
-far we recurse. A malicious PAC can cause us to overflow the stack by
-sending a sufficiently-long line without any '\n' character.
-
-Also, this function failed to properly handle EINTR, so let's fix that
-too, for good measure.
-
-Fixes #134
-
-Upstream-Status: Backport [https://github.com/libproxy/libproxy/commit/836c10b60c65e947ff1e10eb02fbcc676d909ffa]
-CVE: CVE-2020-25219
-Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
----
- libproxy/url.cpp | 28 ++++++++++++++++++----------
- 1 file changed, 18 insertions(+), 10 deletions(-)
-
-diff --git a/libproxy/url.cpp b/libproxy/url.cpp
-index ee776b2..68d69cd 100644
---- a/libproxy/url.cpp
-+++ b/libproxy/url.cpp
-@@ -388,16 +388,24 @@ string url::to_string() const {
- 	return m_orig;
- }
- 
--static inline string recvline(int fd) {
--	// Read a character.
--	// If we don't get a character, return empty string.
--	// If we are at the end of the line, return empty string.
--	char c = '\0';
--	
--	if (recv(fd, &c, 1, 0) != 1 || c == '\n')
--		return "";
--
--	return string(1, c) + recvline(fd);
-+static string recvline(int fd) {
-+	string line;
-+	int ret;
-+
-+	// Reserve arbitrary amount of space to avoid small memory reallocations.
-+	line.reserve(128);
-+
-+	do {
-+		char c;
-+		ret = recv(fd, &c, 1, 0);
-+		if (ret == 1) {
-+			if (c == '\n')
-+				return line;
-+			line += c;
-+		}
-+	} while (ret == 1 || (ret == -1 && errno == EINTR));
-+
-+	return line;
- }
- 
- char* url::get_pac() {
diff --git a/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-26154.patch b/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-26154.patch
deleted file mode 100644
index 0ccb99da8..000000000
--- a/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-26154.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From 4411b523545b22022b4be7d0cac25aa170ae1d3e Mon Sep 17 00:00:00 2001
-From: Fei Li <lifeibiren@gmail.com>
-Date: Fri, 17 Jul 2020 02:18:37 +0800
-Subject: [PATCH] Fix buffer overflow when PAC is enabled
-
-The bug was found on Windows 10 (MINGW64) when PAC is enabled. It turned
-out to be the large PAC file (more than 102400 bytes) returned by a
-local proxy program with no content-length present.
-
-Upstream-Status: Backport [https://github.com/libproxy/libproxy/commit/6d342b50366a048d3d543952e2be271b5742c5f8]
-CVE: CVE-2020-26154
-Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
-
----
- libproxy/url.cpp | 44 +++++++++++++++++++++++++++++++-------------
- 1 file changed, 31 insertions(+), 13 deletions(-)
-
-diff --git a/libproxy/url.cpp b/libproxy/url.cpp
-index ee776b2..8684086 100644
---- a/libproxy/url.cpp
-+++ b/libproxy/url.cpp
-@@ -54,7 +54,7 @@ using namespace std;
- #define PAC_MIME_TYPE_FB "text/plain"
- 
- // This is the maximum pac size (to avoid memory attacks)
--#define PAC_MAX_SIZE 102400
-+#define PAC_MAX_SIZE 0x800000
- // This is the default block size to use when receiving via HTTP
- #define PAC_HTTP_BLOCK_SIZE 512
- 
-@@ -478,15 +478,13 @@ char* url::get_pac() {
- 		}
- 
- 		// Get content
--		unsigned int recvd = 0;
--		buffer = new char[PAC_MAX_SIZE];
--		memset(buffer, 0, PAC_MAX_SIZE);
-+		std::vector<char> dynamic_buffer;
- 		do {
- 			unsigned int chunk_length;
- 
- 			if (chunked) {
- 				// Discard the empty line if we received a previous chunk
--				if (recvd > 0) recvline(sock);
-+				if (!dynamic_buffer.empty()) recvline(sock);
- 
- 				// Get the chunk-length line as an integer
- 				if (sscanf(recvline(sock).c_str(), "%x", &chunk_length) != 1 || chunk_length == 0) break;
-@@ -498,21 +496,41 @@ char* url::get_pac() {
- 
- 			if (content_length >= PAC_MAX_SIZE) break;
- 
--			while (content_length == 0 || recvd != content_length) {
--				int r = recv(sock, buffer + recvd,
--				             content_length == 0 ? PAC_HTTP_BLOCK_SIZE
--				                                 : content_length - recvd, 0);
-+			while (content_length == 0 || dynamic_buffer.size() != content_length) {
-+				// Calculate length to recv
-+				unsigned int length_to_read = PAC_HTTP_BLOCK_SIZE;
-+				if (content_length > 0)
-+					length_to_read = content_length - dynamic_buffer.size();
-+
-+				// Prepare buffer
-+				dynamic_buffer.resize(dynamic_buffer.size() + length_to_read);
-+
-+				int r = recv(sock, dynamic_buffer.data() + dynamic_buffer.size() - length_to_read, length_to_read, 0);
-+
-+				// Shrink buffer to fit
-+				if (r >= 0)
-+					dynamic_buffer.resize(dynamic_buffer.size() - length_to_read + r);
-+
-+				// PAC size too large, discard
-+				if (dynamic_buffer.size() >= PAC_MAX_SIZE) {
-+					chunked = false;
-+					dynamic_buffer.clear();
-+					break;
-+				}
-+
- 				if (r <= 0) {
- 					chunked = false;
- 					break;
- 				}
--				recvd += r;
- 			}
- 		} while (chunked);
- 
--		if (content_length != 0 && string(buffer).size() != content_length) {
--			delete[] buffer;
--			buffer = NULL;
-+		if (content_length == 0 || content_length == dynamic_buffer.size()) {
-+			buffer = new char[dynamic_buffer.size() + 1];
-+			if (!dynamic_buffer.empty()) {
-+				memcpy(buffer, dynamic_buffer.data(), dynamic_buffer.size());
-+			}
-+			buffer[dynamic_buffer.size()] = '\0';
- 		}
- 	}
- 
diff --git a/poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb b/poky/meta/recipes-support/libproxy/libproxy_0.4.17.bb
index 6f704d7a9..ad81cccf5 100644
--- a/poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb
+++ b/poky/meta/recipes-support/libproxy/libproxy_0.4.17.bb
@@ -8,13 +8,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \
 
 DEPENDS = "glib-2.0"
 
-SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.xz \
-           file://0001-get-pac-test-Fix-build-with-clang-libc.patch \
-           file://CVE-2020-25219.patch \
-           file://CVE-2020-26154.patch \
-          "
-SRC_URI[md5sum] = "f6b1d2a1e17a99cd3debaae6d04ab152"
-SRC_URI[sha256sum] = "654db464120c9534654590b6683c7fa3887b3dad0ca1c4cd412af24fbfca6d4f"
+SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.xz"
+SRC_URI[sha256sum] = "bc89f842f654ee1985a31c0ba56dc7e2ce8044a0264ddca84e650f46cd7f8b05"
 
 UPSTREAM_CHECK_URI = "https://github.com/libproxy/libproxy/releases"
 UPSTREAM_CHECK_REGEX = "libproxy-(?P<pver>.*)\.tar"
diff --git a/poky/meta/recipes-support/libusb/libusb1_1.0.23.bb b/poky/meta/recipes-support/libusb/libusb1_1.0.24.bb
index 2fd658b4e..4c552ae6c 100644
--- a/poky/meta/recipes-support/libusb/libusb1_1.0.23.bb
+++ b/poky/meta/recipes-support/libusb/libusb1_1.0.24.bb
@@ -12,8 +12,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/libusb/libusb-${PV}.tar.bz2 \
            file://run-ptest \
           "
 
-SRC_URI[md5sum] = "be79ed4a4a440169deec8beaac6aae33"
-SRC_URI[sha256sum] = "4fc17b2ef3502757641bf8fe2c14ad86ec86302a2b785abcb0806fd03aa1201f"
+SRC_URI[sha256sum] = "7efd2685f7b327326dcfb85cee426d9b871fd70e22caa15bb68d595ce2a2b12a"
 
 S = "${WORKDIR}/libusb-${PV}"
 
diff --git a/poky/meta/recipes-support/libyaml/libyaml_0.2.5.bb b/poky/meta/recipes-support/libyaml/libyaml_0.2.5.bb
index e39a7b908..778e09163 100644
--- a/poky/meta/recipes-support/libyaml/libyaml_0.2.5.bb
+++ b/poky/meta/recipes-support/libyaml/libyaml_0.2.5.bb
@@ -15,4 +15,7 @@ S = "${WORKDIR}/yaml-${PV}"
 
 inherit autotools
 
+DISABLE_STATIC_class-nativesdk = ""
+DISABLE_STATIC_class-native = ""
+
 BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-support/nettle/nettle-3.6/Add-target-to-only-build-tests-not-run-them.patch b/poky/meta/recipes-support/nettle/nettle-3.7/Add-target-to-only-build-tests-not-run-them.patch
index e3f5c6de7..e3f5c6de7 100644
--- a/poky/meta/recipes-support/nettle/nettle-3.6/Add-target-to-only-build-tests-not-run-them.patch
+++ b/poky/meta/recipes-support/nettle/nettle-3.7/Add-target-to-only-build-tests-not-run-them.patch
diff --git a/poky/meta/recipes-support/nettle/nettle-3.6/check-header-files-of-openssl-only-if-enable_.patch b/poky/meta/recipes-support/nettle/nettle-3.7/check-header-files-of-openssl-only-if-enable_.patch
index d5f266681..d5f266681 100644
--- a/poky/meta/recipes-support/nettle/nettle-3.6/check-header-files-of-openssl-only-if-enable_.patch
+++ b/poky/meta/recipes-support/nettle/nettle-3.7/check-header-files-of-openssl-only-if-enable_.patch
diff --git a/poky/meta/recipes-support/nettle/nettle-3.6/dlopen-test.patch b/poky/meta/recipes-support/nettle/nettle-3.7/dlopen-test.patch
index ab9b91f88..ab9b91f88 100644
--- a/poky/meta/recipes-support/nettle/nettle-3.6/dlopen-test.patch
+++ b/poky/meta/recipes-support/nettle/nettle-3.7/dlopen-test.patch
diff --git a/poky/meta/recipes-support/nettle/nettle-3.6/run-ptest b/poky/meta/recipes-support/nettle/nettle-3.7/run-ptest
index b90bed66d..b90bed66d 100644
--- a/poky/meta/recipes-support/nettle/nettle-3.6/run-ptest
+++ b/poky/meta/recipes-support/nettle/nettle-3.7/run-ptest
diff --git a/poky/meta/recipes-support/nettle/nettle_3.6.bb b/poky/meta/recipes-support/nettle/nettle_3.7.bb
index 90f8625ae..2c219c2a1 100644
--- a/poky/meta/recipes-support/nettle/nettle_3.6.bb
+++ b/poky/meta/recipes-support/nettle/nettle_3.7.bb
@@ -1,5 +1,8 @@
 SUMMARY = "A low level cryptographic library"
 HOMEPAGE = "http://www.lysator.liu.se/~nisse/nettle/"
+DESCRIPTION = "It tries to solve a problem of providing a common set of \
+cryptographic algorithms for higher-level applications by implementing a \
+context-independent set of cryptographic algorithms"
 SECTION = "libs"
 LICENSE = "LGPLv3+ | GPLv2+"
 
@@ -20,8 +23,7 @@ SRC_URI_append_class-target = "\
             file://dlopen-test.patch \
             "
 
-SRC_URI[md5sum] = "c45ee24ed7361dcda152a035d396fe8a"
-SRC_URI[sha256sum] = "d24c0d0f2abffbc8f4f34dcf114b0f131ec3774895f3555922fe2f40f3d5e3f1"
+SRC_URI[sha256sum] = "f001f64eb444bf13dd91bceccbc20acbc60c4311d6e2b20878452eb9a9cec75a"
 
 UPSTREAM_CHECK_REGEX = "nettle-(?P<pver>\d+(\.\d+)+)\.tar"
 
diff --git a/poky/meta/recipes-support/p11-kit/p11-kit_0.23.21.bb b/poky/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb
index b1fd2334b..c539ecdbc 100644
--- a/poky/meta/recipes-support/p11-kit/p11-kit_0.23.21.bb
+++ b/poky/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb
@@ -2,17 +2,18 @@ SUMMARY = "Provides a way to load and enumerate PKCS#11 modules"
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://COPYING;md5=02933887f609807fbb57aa4237d14a50"
 
-inherit meson gettext pkgconfig gtk-doc bash-completion
+inherit meson gettext pkgconfig gtk-doc bash-completion manpages
 
 DEPENDS = "libtasn1 libtasn1-native libffi"
 
 DEPENDS_append = "${@' glib-2.0' if d.getVar('GTKDOC_ENABLED') == 'True' else ''}"
 
-SRC_URI = "git://github.com/p11-glue/p11-kit"
-SRCREV = "fd8b56f3ee971f94dc6fc95411fc01e1c12153ab"
+SRC_URI = "git://github.com/p11-glue/p11-kit;branch=0.23"
+SRCREV = "bd97afbfe28d5fbbde95ce36ff7a8834fc0291ee"
 S = "${WORKDIR}/git"
 
 PACKAGECONFIG ??= ""
+PACKAGECONFIG[manpages] = "-Dman=true,-Dman=false,libxslt-native"
 PACKAGECONFIG[trust-paths] = "-Dtrust_paths=/etc/ssl/certs/ca-certificates.crt,,,ca-certificates"
 
 GTKDOC_MESON_OPTION = 'gtk_doc'
diff --git a/poky/meta/recipes-support/rng-tools/rng-tools/0001-rngd-fix-debug-to-also-filter-syslog-calls.patch b/poky/meta/recipes-support/rng-tools/rng-tools/0001-rngd-fix-debug-to-also-filter-syslog-calls.patch
deleted file mode 100644
index 073337866..000000000
--- a/poky/meta/recipes-support/rng-tools/rng-tools/0001-rngd-fix-debug-to-also-filter-syslog-calls.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 213a869e8315ead2c739acfcbde712358a842dee Mon Sep 17 00:00:00 2001
-From: Yann Dirson <yann@blade-group.com>
-Date: Fri, 9 Oct 2020 15:12:26 +0200
-Subject: [PATCH] rngd: fix --debug to also filter syslog() calls
-
-Debug logs were only controlled by --debug flag while in --foreground
-mode.  In --daemon mode /var/log/message got stuffed with details of
-entropy pool refilling, which is useless in production, and hamful
-when log rotation then gets rid of the more useful logs.  This is
-especially true for embedded systems.
-
-This change makes the two modes consistently only produce debug logs when
---debug is specified.
-
-Upstream-Status: Backport [213a869e8315ead2c739acfcbde712358a842dee]
-
-Signed-off-by: Yann Dirson <yann@blade-group.com>
----
- rngd.h | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/rngd.h b/rngd.h
-index 901b6f1..a79ea0f 100644
---- a/rngd.h
-+++ b/rngd.h
-@@ -166,13 +166,13 @@ extern bool quiet;
- #define message(priority,fmt,args...) do { \
- 	if (quiet) \
- 		break;\
-+	if (arguments->debug == false && LOG_PRI(priority) == LOG_DEBUG) \
-+		break;\
- 	if (am_daemon) { \
- 		syslog((priority), fmt, ##args); \
- 	} else if (!msg_squash) { \
--		if ((LOG_PRI(priority) != LOG_DEBUG) || (arguments->debug == true)) {\
--			fprintf(stderr, fmt, ##args); \
--			fflush(stderr); \
--		} \
-+		fprintf(stderr, fmt, ##args); \
-+		fflush(stderr); \
- 	} \
- } while (0)
- 
--- 
-2.28.0
-
diff --git a/poky/meta/recipes-support/rng-tools/rng-tools/a4b6d9ce64f132e463b9091d0536913ddaf11516.patch b/poky/meta/recipes-support/rng-tools/rng-tools/a4b6d9ce64f132e463b9091d0536913ddaf11516.patch
deleted file mode 100644
index 96301617b..000000000
--- a/poky/meta/recipes-support/rng-tools/rng-tools/a4b6d9ce64f132e463b9091d0536913ddaf11516.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From a4b6d9ce64f132e463b9091d0536913ddaf11516 Mon Sep 17 00:00:00 2001
-From: Neil Horman <nhorman@tuxdriver.com>
-Date: Thu, 30 Apr 2020 16:57:35 -0400
-Subject: [PATCH] Remove name conflict with libc encrypt
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Forgot to fixup the funciton name conflict with libcs encrypt() function
-on power systems
-
-Upstream-Status: Backport [https://github.com/nhorman/rng-tools/commit/a4b6d9ce64f132e463b9091d0536913ddaf11516]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
-Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
-Reported-by: Natanael Copa <ncopa@alpinelinux.org>
-Reported-by: "Milan P. Stanić" <mps@arvanta.net>
----
- rngd_darn.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/rngd_darn.c b/rngd_darn.c
-index 35df7a1..9345895 100644
---- a/rngd_darn.c
-+++ b/rngd_darn.c
-@@ -109,7 +109,7 @@ static int init_openssl(struct rng *ent_src)
- 	return 0;
- }
- 
--int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,
-+static int osslencrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,
-             unsigned char *iv, unsigned char *ciphertext)
- {
-         int len;
-@@ -150,7 +150,7 @@ static inline int openssl_mangle(unsigned char *tmp, struct rng *ent_src)
-         unsigned char ciphertext[CHUNK_SIZE * RDRAND_ROUNDS];
- 
-         /* Encrypt the plaintext */
--        ciphertext_len = encrypt (tmp, strlen(tmp), key, iv_buf,
-+        ciphertext_len = osslencrypt (tmp, strlen(tmp), key, iv_buf,
-                               ciphertext);
-         printf("Calling mangle with len %d\n", ciphertext_len);
-         if (!ciphertext_len)
diff --git a/poky/meta/recipes-support/rng-tools/rng-tools/dab16a5fd4efde8ef569b358e19b1fcbc7d0d938.patch b/poky/meta/recipes-support/rng-tools/rng-tools/dab16a5fd4efde8ef569b358e19b1fcbc7d0d938.patch
deleted file mode 100644
index 93103ef79..000000000
--- a/poky/meta/recipes-support/rng-tools/rng-tools/dab16a5fd4efde8ef569b358e19b1fcbc7d0d938.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From dab16a5fd4efde8ef569b358e19b1fcbc7d0d938 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Mon, 30 Mar 2020 00:10:46 +0200
-Subject: [PATCH] rngd_jitter: disambiguate call to encrypt
-
-Commit 0f184ea7e792427fb20afe81d471b565aee96f0b disambiguate the call to
-encrypt in rngd_rdrand.c but did not update rngd_jitter.c.
-
-This raise the following build failure:
-
-rngd_jitter.c:75:12: error: conflicting types for 'encrypt'
- static int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,
-            ^~~~~~~
-In file included from rngd_jitter.c:27:
-/home/dawncrow/buildroot-test/scripts/instance-0/output-1/host/powerpc-buildroot-linux-uclibc/sysroot/usr/include/unistd.h:1132:13: note: previous declaration of 'encrypt' was here
- extern void encrypt (char *__block, int __edflag) __THROW __nonnull ((1));
-             ^~~~~~~
-Makefile:770: recipe for target 'rngd-rngd_jitter.o' failed
-
-Fixes:
- - http://autobuild.buildroot.org/results/0ca6bf16e3acbc94065b88c4442d6595424b77cb
-
-Upstream-Status: Backport [https://github.com/nhorman/rng-tools/commit/dab16a5fd4efde8ef569b358e19b1fcbc7d0d938]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- rngd_jitter.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/rngd_jitter.c b/rngd_jitter.c
-index c1b1aca..49a3825 100644
---- a/rngd_jitter.c
-+++ b/rngd_jitter.c
-@@ -72,7 +72,7 @@ unsigned char *aes_buf;
- char key[AES_BLOCK];
- static unsigned char iv_buf[CHUNK_SIZE] __attribute__((aligned(128)));
- 
--static int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,
-+static int osslencrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,
-             unsigned char *iv, unsigned char *ciphertext)
- {
-         EVP_CIPHER_CTX *ctx;
-@@ -122,7 +122,7 @@ static inline int openssl_mangle(unsigned char *tmp, struct rng *ent_src)
-         unsigned char ciphertext[CHUNK_SIZE * RDRAND_ROUNDS];
- 
-         /* Encrypt the plaintext */
--        ciphertext_len = encrypt (tmp, strlen(tmp), key, iv_buf,
-+        ciphertext_len = osslencrypt (tmp, strlen(tmp), key, iv_buf,
-                               ciphertext);
-         if (!ciphertext_len)
-                 return -1;
diff --git a/poky/meta/recipes-support/rng-tools/rng-tools_6.10.bb b/poky/meta/recipes-support/rng-tools/rng-tools_6.11.bb
index 40ec5ad67..61a0cef2e 100644
--- a/poky/meta/recipes-support/rng-tools/rng-tools_6.10.bb
+++ b/poky/meta/recipes-support/rng-tools/rng-tools_6.11.bb
@@ -10,14 +10,11 @@ DEPENDS = "sysfsutils openssl"
 
 SRC_URI = "\
     git://github.com/nhorman/rng-tools.git \
-    file://a4b6d9ce64f132e463b9091d0536913ddaf11516.patch \
-    file://dab16a5fd4efde8ef569b358e19b1fcbc7d0d938.patch \
-    file://0001-rngd-fix-debug-to-also-filter-syslog-calls.patch \
     file://init \
     file://default \
     file://rngd.service \
 "
-SRCREV = "0be82200a66d9321451e0a0785bfae350b9cffdc"
+SRCREV = "2ea13473fd5bfea3c861dc0e23bd65e2afe8007b"
 
 S = "${WORKDIR}/git"
 
diff --git a/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb b/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb
index e82c818e5..5509c99c4 100644
--- a/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb
+++ b/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb
@@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 DEPENDS = "libxml2 itstool-native glib-2.0 shared-mime-info-native xmlto-native"
 
 SRC_URI = "git://gitlab.freedesktop.org/xdg/shared-mime-info.git;protocol=https"
-SRCREV = "ef58b2b2f7ad4070171c6e45e3b3764daa3ff2c1"
-PV = "2.0"
+SRCREV = "18e558fa1c8b90b86757ade09a4ba4d6a6cf8f70"
+PV = "2.1"
 S = "${WORKDIR}/git"
 
 inherit meson pkgconfig gettext python3native mime
diff --git a/poky/meta/recipes-support/sqlite/sqlite3_3.33.0.bb b/poky/meta/recipes-support/sqlite/sqlite3_3.34.1.bb
index 33f041a16..fe5adb221 100644
--- a/poky/meta/recipes-support/sqlite/sqlite3_3.33.0.bb
+++ b/poky/meta/recipes-support/sqlite/sqlite3_3.34.1.bb
@@ -3,8 +3,8 @@ require sqlite3.inc
 LICENSE = "PD"
 LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66"
 
-SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz"
-SRC_URI[sha256sum] = "106a2c48c7f75a298a7557bcc0d5f4f454e5b43811cc738b7ca294d6956bbb15"
+SRC_URI = "http://www.sqlite.org/2021/sqlite-autoconf-${SQLITE_PV}.tar.gz"
+SRC_URI[sha256sum] = "2a3bca581117b3b88e5361d0ef3803ba6d8da604b1c1a47d902ef785c1b53e89"
 
 # -19242 is only an issue in specific development branch commits
 CVE_CHECK_WHITELIST += "CVE-2019-19242"
author	Andrew Geissler <geissonator@yahoo.com>	2021-02-13 00:35:20 +0300
committer	Brad Bishop <bradleyb@fuzziesquirrel.com>	2021-02-25 23:15:06 +0300
commit	d1e894976442c78577f52fe7b169812d00289120 (patch)
tree	b65864e37eca17e36157663e48e82e3745145379 /poky/meta/recipes-support
parent	ec0e87b37a04927ed4549b1b9d2e23a8c345cb7a (diff)
download	openbmc-d1e894976442c78577f52fe7b169812d00289120.tar.xz